mlsvc_lsa.c revision 3db3f65c6274eb042354801a308c8e9bc4994553
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CDDL HEADER START
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The contents of this file are subject to the terms of the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Common Development and Distribution License (the "License").
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * You may not use this file except in compliance with the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * or http://www.opensolaris.org/os/licensing.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * See the License for the specific language governing permissions
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * and limitations under the License.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * When distributing Covered Code, include this CDDL HEADER in each
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * If applicable, add the following below this CDDL HEADER, with the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * fields enclosed by brackets "[]" replaced with your own identifying
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * information: Portions Copyright [yyyy] [name of copyright owner]
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CDDL HEADER END
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Use is subject to license terms.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#pragma ident "%Z%%M% %I% %E% SMI"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Local Security Authority RPC (LSARPC) server-side interface definition.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <unistd.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <strings.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <pwd.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <grp.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/libsmb.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/libmlrpc.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/libmlsvc.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/mlsvc_util.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/ndl/lsarpc.ndl>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/lsalib.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/ntstatus.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/nterror.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/smbinfo.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/nmpipes.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <smbsrv/ntlocale.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstruct local_group_table {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers WORD sid_name_use;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers WORD domain_ix;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers char *sid;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers char *name;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers};
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_key_domain;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_key_account;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_call_stub(struct mlrpc_xaction *mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_CloseHandle(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_QuerySecurityObject(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_EnumAccounts(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_EnumTrustedDomain(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenAccount(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_EnumPrivsAccount(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupPrivValue(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupPrivName(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupPrivDisplayName(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_CreateSecret(void *, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenSecret(void *, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_QueryInfoPolicy(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenDomainHandle(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_OpenDomainHandle(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupSids(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupNames(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_GetConnectedUser(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupSids2(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_LookupNames2(void *arg, struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic DWORD lsarpc_s_PrimaryDomainInfo(struct mslsa_PrimaryDomainInfo *,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic DWORD lsarpc_s_AccountDomainInfo(struct mslsa_AccountDomainInfo *,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mlrpc_xaction *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_s_UpdateDomainTable(struct mlrpc_xaction *,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers smb_userinfo_t *, struct mslsa_domain_table *, DWORD *);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int lsarpc_w2k_enable;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic mlrpc_stub_table_t lsarpc_stub_table[] = {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_CloseHandle, LSARPC_OPNUM_CloseHandle },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_QuerySecurityObject, LSARPC_OPNUM_QuerySecurityObject },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_EnumAccounts, LSARPC_OPNUM_EnumerateAccounts },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_EnumTrustedDomain, LSARPC_OPNUM_EnumTrustedDomain },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenAccount, LSARPC_OPNUM_OpenAccount },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_EnumPrivsAccount, LSARPC_OPNUM_EnumPrivsAccount },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupPrivValue, LSARPC_OPNUM_LookupPrivValue },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupPrivName, LSARPC_OPNUM_LookupPrivName },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupPrivDisplayName, LSARPC_OPNUM_LookupPrivDisplayName },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_CreateSecret, LSARPC_OPNUM_CreateSecret },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenSecret, LSARPC_OPNUM_OpenSecret },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_QueryInfoPolicy, LSARPC_OPNUM_QueryInfoPolicy },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenDomainHandle, LSARPC_OPNUM_OpenPolicy },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_OpenDomainHandle, LSARPC_OPNUM_OpenPolicy2 },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupSids, LSARPC_OPNUM_LookupSids },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupNames, LSARPC_OPNUM_LookupNames },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_GetConnectedUser, LSARPC_OPNUM_GetConnectedUser },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupSids2, LSARPC_OPNUM_LookupSids2 },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers { lsarpc_s_LookupNames2, LSARPC_OPNUM_LookupNames2 },
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers {0}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers};
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic mlrpc_service_t lsarpc_service = {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "LSARPC", /* name */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "Local Security Authority", /* desc */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "\\lsarpc", /* endpoint */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers PIPE_LSASS, /* sec_addr_port */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "12345778-1234-abcd-ef000123456789ab", 0, /* abstract */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "8a885d04-1ceb-11c9-9fe808002b104860", 2, /* transfer */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers 0, /* no bind_instance_size */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers NULL, /* no bind_req() */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers NULL, /* no unbind_and_close() */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers lsarpc_call_stub, /* call_stub() */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers &TYPEINFO(lsarpc_interface), /* interface ti */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers lsarpc_stub_table /* stub_table */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers};
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Windows 2000 interface.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic mlrpc_service_t lsarpc_w2k_service = {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "LSARPC_W2K", /* name */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "Local Security Authority", /* desc */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "\\lsarpc", /* endpoint */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers PIPE_LSASS, /* sec_addr_port */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "3919286a-b10c-11d0-9ba800c04fd92ef5", 0, /* abstract */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers "8a885d04-1ceb-11c9-9fe808002b104860", 2, /* transfer */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers 0, /* no bind_instance_size */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers NULL, /* no bind_req() */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers NULL, /* no unbind_and_close() */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers lsarpc_call_stub, /* call_stub() */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers &TYPEINFO(lsarpc_interface), /* interface ti */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers lsarpc_stub_table /* stub_table */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers};
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_initialize
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This function registers the LSA RPC interface with the RPC runtime
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * library. It must be called in order to use either the client side
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * or the server side functions.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersvoid
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_initialize(void)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) mlrpc_register_service(&lsarpc_service);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (lsarpc_w2k_enable)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers (void) mlrpc_register_service(&lsarpc_w2k_service);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Custom call_stub to set the stream string policy.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_call_stub(struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers MLNDS_SETF(&mxa->send_mlnds, MLNDS_F_NOTERM);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers MLNDS_SETF(&mxa->recv_mlnds, MLNDS_F_NOTERM);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (mlrpc_generic_call_stub(mxa));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_OpenDomainHandle opnum=0x06
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is a request to open the LSA (OpenPolicy and OpenPolicy2).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The client is looking for an LSA domain handle.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_OpenDomainHandle(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_OpenPolicy2 *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_hdid_t *id;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((id = ndr_hdalloc(mxa, &lsarpc_key_domain)) != NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bcopy(id, &param->domain_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers } else {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(&param->domain_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_CloseHandle opnum=0x00
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is a request to close the LSA interface specified by the handle.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * We don't track handles (yet), so just zero out the handle and return
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * MLRPC_DRC_OK. Setting the handle to zero appears to be standard
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * behaviour and someone may rely on it, i.e. we do on the client side.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_CloseHandle(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_CloseHandle *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_hdfree(mxa, id);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(&param->result_handle, sizeof (param->result_handle));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_QuerySecurityObject
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*ARGSUSED*/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_QuerySecurityObject(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_QuerySecurityObject *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_QuerySecurityObject));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_EnumAccounts
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Enumerate the list of local accounts SIDs. The client should supply
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * a valid OpenPolicy2 handle. The enum_context is used to support
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * multiple enumeration calls to obtain the complete list of SIDs.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * It should be set to 0 on the first call and passed unchanged on
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * subsequent calls until there are no more accounts - the server will
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * return NT_SC_WARNING(MLSVC_NO_MORE_DATA).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * For now just set the status to access-denied. Note that we still have
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * to provide a valid address for enum_buf because it's a reference and
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the marshalling rules require that references must not be null.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * The enum_context is used to support multiple
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_EnumAccounts(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_EnumerateAccounts *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_EnumAccountBuf *enum_buf;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_EnumerateAccounts));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers enum_buf = MLRPC_HEAP_NEW(mxa, struct mslsa_EnumAccountBuf);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (enum_buf == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(enum_buf, sizeof (struct mslsa_EnumAccountBuf));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->enum_buf = enum_buf;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_EnumTrustedDomain
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is the server side function for handling requests to enumerate
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the list of trusted domains: currently held in the NT domain database.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This call requires an OpenPolicy2 handle. The enum_context is used to
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * support multiple enumeration calls to obtain the complete list.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * It should be set to 0 on the first call and passed unchanged on
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * subsequent calls until there are no more accounts - the server will
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * return NT_SC_WARNING(MLSVC_NO_MORE_DATA).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * For now just set the status to access-denied. Note that we still have
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * to provide a valid address for enum_buf because it's a reference and
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * the marshalling rules require that references must not be null.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_EnumTrustedDomain(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_EnumTrustedDomain *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_EnumTrustedDomainBuf *enum_buf;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_EnumTrustedDomain));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers enum_buf = MLRPC_HEAP_NEW(mxa, struct mslsa_EnumTrustedDomainBuf);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (enum_buf == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(enum_buf, sizeof (struct mslsa_EnumTrustedDomainBuf));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->enum_buf = enum_buf;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_OpenAccount
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is a request to open an account handle.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_OpenAccount(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_OpenAccount *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_handle_t *hd;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers hd = ndr_hdlookup(mxa, id);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_OpenAccount));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((id = ndr_hdalloc(mxa, &lsarpc_key_account)) != NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bcopy(id, &param->account_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers } else {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(&param->account_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_EnumPrivsAccount
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is the server side function for handling requests for account
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * privileges. For now just set the status to not-supported status and
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * return MLRPC_DRC_OK. Note that we still have to provide a valid
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * address for enum_buf because it's a reference and the marshalling
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * rules require that references must not be null.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*ARGSUSED*/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_EnumPrivsAccount(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_EnumPrivsAccount *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_EnumPrivsAccount));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NOT_SUPPORTED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_LookupPrivValue
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Server side function used to map a privilege name to a locally unique
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * identifier (LUID).
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*ARGSUSED*/
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_LookupPrivValue(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_LookupPrivValue *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers smb_privinfo_t *pi;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((pi = smb_priv_getbyname((char *)param->name.str)) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivValue));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->luid.low_part = pi->id;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->luid.high_part = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_LookupPrivName
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Server side function used to map a locally unique identifier (LUID)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * to the appropriate privilege name string.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_LookupPrivName(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_LookupPrivName *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers smb_privinfo_t *pi;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers int rc;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((pi = smb_priv_getbyvalue(param->luid.low_part)) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->name = MLRPC_HEAP_NEW(mxa, mslsa_string_t);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (param->name == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc = mlsvc_string_save((ms_string_t *)param->name, pi->name, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (rc == 0) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_LookupPrivDisplayName
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is the server side function for handling requests for account
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * privileges. For now just set the status to not-supported status and
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * return MLRPC_DRC_OK.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_LookupPrivDisplayName(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_LookupPrivDisplayName *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers smb_privinfo_t *pi;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers int rc;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((pi = smb_priv_getbyname((char *)param->name.str)) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivDisplayName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->display_name = MLRPC_HEAP_NEW(mxa, mslsa_string_t);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (param->display_name == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivDisplayName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc = mlsvc_string_save((ms_string_t *)param->display_name,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers pi->display_name, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (rc == 0) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_LookupPrivDisplayName));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->language_ret = MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_CreateSecret(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_CreateSecret *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_handle_t *hd;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers hd = ndr_hdlookup(mxa, id);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_OpenAccount));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(&param->secret_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_OpenSecret(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_OpenSecret *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_hdid_t *id = (ndr_hdid_t *)&param->handle;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers ndr_handle_t *hd;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers hd = ndr_hdlookup(mxa, id);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_OpenAccount));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(&param->secret_handle, sizeof (mslsa_handle_t));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_GetConnectedUser
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is still guesswork. Netmon doesn't know about this
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * call and I'm not really sure what it is intended to achieve.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Another packet capture application, Ethereal, calls this RPC as
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * GetConnectedUser.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * We will receive our own hostname in the request and it appears
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * we should respond with an account name and the domain name of connected
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * user from the client that makes this call.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_GetConnectedUser(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_GetConnectedUser *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers smb_opipe_context_t *svc = &mxa->context->svc_ctx;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers DWORD status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers int rc1;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers int rc2;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (smb_getdomaininfo(0) == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_GetConnectedUser));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = status;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->owner = MLRPC_HEAP_NEW(mxa, struct mslsa_string_desc);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->domain = MLRPC_HEAP_NEW(mxa, struct mslsa_DomainName);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (param->owner == NULL || param->domain == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = status;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->domain->name = MLRPC_HEAP_NEW(mxa, struct mslsa_string_desc);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (param->domain->name == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = status;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc1 = mlsvc_string_save((ms_string_t *)param->owner,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers svc->oc_account, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers rc2 = mlsvc_string_save((ms_string_t *)param->domain->name,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers svc->oc_domain, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (rc1 == 0 || rc2 == 0)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = status;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lsarpc_s_QueryInfoPolicy
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * This is the server side function for handling LSA information policy
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * queries. Currently, we only support primary domain and account
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * domain queries. This is just a front end to switch on the request
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * and hand it off to the appropriate function to actually deal with
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * obtaining and building the response.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowersstatic int
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowerslsarpc_s_QueryInfoPolicy(void *arg, struct mlrpc_xaction *mxa)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers{
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_QueryInfoPolicy *param = arg;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers struct mslsa_PolicyInfo *info;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers int security_mode;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers DWORD status;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info = (struct mslsa_PolicyInfo *)MLRPC_HEAP_MALLOC(
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers mxa, sizeof (struct mslsa_PolicyInfo));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (info == NULL) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(param, sizeof (struct mslsa_QueryInfoPolicy));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers return (MLRPC_DRC_OK);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers }
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->switch_value = param->info_class;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers switch (param->info_class) {
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers case MSLSA_POLICY_AUDIT_EVENTS_INFO:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.audit_events.enabled = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.audit_events.count = 1;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.audit_events.settings
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers = MLRPC_HEAP_MALLOC(mxa, sizeof (DWORD));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers bzero(info->ru.audit_events.settings, sizeof (DWORD));
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers case MSLSA_POLICY_PRIMARY_DOMAIN_INFO:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = lsarpc_s_PrimaryDomainInfo(&info->ru.pd_info, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers case MSLSA_POLICY_ACCOUNT_DOMAIN_INFO:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = lsarpc_s_AccountDomainInfo(&info->ru.ad_info, mxa);
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers case MSLSA_POLICY_SERVER_ROLE_INFO:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers security_mode = smb_config_get_secmode();
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers if (security_mode == SMB_SECMODE_DOMAIN)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.server_role.role = LSA_ROLE_MEMBER_SERVER;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers else
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.server_role.role = LSA_ROLE_STANDALONE_SERVER;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers info->ru.server_role.pad = 0;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers status = NT_STATUS_SUCCESS;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers break;
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
default:
bzero(param, sizeof (struct mslsa_QueryInfoPolicy));
param->status = NT_SC_ERROR(NT_STATUS_INVALID_INFO_CLASS);
return (MLRPC_DRC_OK);
}
if (status != NT_STATUS_SUCCESS)
param->status = NT_SC_ERROR(status);
else
param->status = NT_STATUS_SUCCESS;
param->info = info;
return (MLRPC_DRC_OK);
}
/*
* lsarpc_s_PrimaryDomainInfo
*
* This is the service side function for handling primary domain policy
* queries. This will return the primary domain name and sid. This is
* currently a pass through interface so all we do is act as a proxy
* between the client and the DC. If there is no session, fake up the
* response with default values - useful for share mode.
*
* If the server name matches the local hostname, we should return
* the local domain SID.
*/
static DWORD
lsarpc_s_PrimaryDomainInfo(struct mslsa_PrimaryDomainInfo *info,
struct mlrpc_xaction *mxa)
{
char domain_name[MLSVC_DOMAIN_NAME_MAX];
smb_sid_t *sid = NULL;
int security_mode;
int rc;
security_mode = smb_config_get_secmode();
if (security_mode != SMB_SECMODE_DOMAIN) {
rc = smb_gethostname(domain_name, MLSVC_DOMAIN_NAME_MAX, 1);
sid = smb_sid_dup(nt_domain_local_sid());
} else {
rc = smb_getdomainname(domain_name, MLSVC_DOMAIN_NAME_MAX);
sid = smb_getdomainsid();
}
if ((sid == NULL) || (rc != 0))
return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
rc = mlsvc_string_save((ms_string_t *)&info->name, domain_name, mxa);
info->sid = (struct mslsa_sid *)mlsvc_sid_save(sid, mxa);
free(sid);
if ((rc == 0) || (info->sid == NULL))
return (NT_STATUS_NO_MEMORY);
return (NT_STATUS_SUCCESS);
}
/*
* lsarpc_s_AccountDomainInfo
*
* This is the service side function for handling account domain policy
* queries. This is where we return our local domain information so that
* NT knows who to query for information on local names and SIDs. The
* domain name is the local hostname.
*/
static DWORD
lsarpc_s_AccountDomainInfo(struct mslsa_AccountDomainInfo *info,
struct mlrpc_xaction *mxa)
{
char domain_name[MLSVC_DOMAIN_NAME_MAX];
smb_sid_t *domain_sid;
int rc;
if (smb_gethostname(domain_name, MLSVC_DOMAIN_NAME_MAX, 1) != 0)
return (NT_STATUS_NO_MEMORY);
if ((domain_sid = nt_domain_local_sid()) == NULL)
return (NT_STATUS_NO_MEMORY);
rc = mlsvc_string_save((ms_string_t *)&info->name, domain_name, mxa);
info->sid = (struct mslsa_sid *)mlsvc_sid_save(domain_sid, mxa);
if ((rc == 0) || (info->sid == NULL))
return (NT_STATUS_NO_MEMORY);
return (NT_STATUS_SUCCESS);
}
/*
* lsarpc_s_LookupNames
*
* This is the service side function for handling name lookup requests.
* Currently, we only support lookups of a single name. This is also a
* pass through interface so all we do is act as a proxy between the
* client and the DC.
*/
static int
lsarpc_s_LookupNames(void *arg, struct mlrpc_xaction *mxa)
{
struct mslsa_LookupNames *param = arg;
struct mslsa_rid_entry *rids;
smb_userinfo_t *user_info = 0;
struct mslsa_domain_table *domain_table;
struct mslsa_domain_entry *domain_entry;
DWORD status = NT_STATUS_SUCCESS;
char *account;
int rc = 0;
if (param->name_table->n_entry != 1)
return (MLRPC_DRC_FAULT_PARAM_0_UNIMPLEMENTED);
rids = MLRPC_HEAP_NEW(mxa, struct mslsa_rid_entry);
domain_table = MLRPC_HEAP_NEW(mxa, struct mslsa_domain_table);
domain_entry = MLRPC_HEAP_NEW(mxa, struct mslsa_domain_entry);
user_info = mlsvc_alloc_user_info();
if (rids == NULL || domain_table == NULL ||
domain_entry == NULL || user_info == NULL) {
status = NT_STATUS_NO_MEMORY;
goto name_lookup_failed;
}
account = (char *)param->name_table->names->str;
status = lsa_lookup_name(NULL, account, SidTypeUnknown, user_info);
if (status != NT_STATUS_SUCCESS)
goto name_lookup_failed;
/*
* Set up the rid table.
*/
rids[0].sid_name_use = user_info->sid_name_use;
rids[0].rid = user_info->rid;
rids[0].domain_index = 0;
param->translated_sids.n_entry = 1;
param->translated_sids.rids = rids;
/*
* Set up the domain table.
*/
domain_table->entries = domain_entry;
domain_table->n_entry = 1;
domain_table->max_n_entry = MLSVC_DOMAIN_MAX;
rc = mlsvc_string_save((ms_string_t *)&domain_entry->domain_name,
user_info->domain_name, mxa);
domain_entry->domain_sid =
(struct mslsa_sid *)mlsvc_sid_save(user_info->domain_sid, mxa);
if (rc == 0 || domain_entry->domain_sid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto name_lookup_failed;
}
param->domain_table = domain_table;
param->mapped_count = 1;
param->status = 0;
mlsvc_free_user_info(user_info);
return (MLRPC_DRC_OK);
name_lookup_failed:
mlsvc_free_user_info(user_info);
bzero(param, sizeof (struct mslsa_LookupNames));
param->status = NT_SC_ERROR(status);
return (MLRPC_DRC_OK);
}
/*
* lsarpc_s_LookupSids
*
* This is the service side function for handling sid lookup requests.
* We have to set up both the name table and the domain table in the
* response. For each SID, we check for UNIX domain (local lookup) or
* NT domain (DC lookup) and call the appropriate lookup function. This
* should resolve the SID to a name. Then we need to update the domain
* table and make the name entry point at the appropriate domain table
* entry.
*
* On success return 0. Otherwise return an RPC specific error code.
*/
static int
lsarpc_s_LookupSids(void *arg, struct mlrpc_xaction *mxa)
{
struct mslsa_LookupSids *param = arg;
struct mslsa_domain_table *domain_table;
struct mslsa_domain_entry *domain_entry;
struct mslsa_name_entry *names;
struct mslsa_name_entry *name;
smb_userinfo_t *user_info;
smb_sid_t *sid;
DWORD n_entry;
int result;
int i;
user_info = mlsvc_alloc_user_info();
n_entry = param->lup_sid_table.n_entry;
names = MLRPC_HEAP_NEWN(mxa, struct mslsa_name_entry, n_entry);
domain_table = MLRPC_HEAP_NEW(mxa, struct mslsa_domain_table);
domain_entry = MLRPC_HEAP_NEWN(mxa, struct mslsa_domain_entry,
MLSVC_DOMAIN_MAX);
if (names == NULL || domain_table == NULL ||
domain_entry == NULL || user_info == NULL) {
bzero(param, sizeof (struct mslsa_LookupSids));
param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
return (MLRPC_DRC_OK);
}
domain_table->entries = domain_entry;
domain_table->n_entry = 0;
domain_table->max_n_entry = MLSVC_DOMAIN_MAX;
name = names;
for (i = 0; i < n_entry; ++i, name++) {
bzero(&names[i], sizeof (struct mslsa_name_entry));
sid = (smb_sid_t *)param->lup_sid_table.entries[i].psid;
result = lsa_lookup_sid(sid, user_info);
if (result != NT_STATUS_SUCCESS)
goto lookup_sid_failed;
if (!mlsvc_string_save((ms_string_t *)&name->name,
user_info->name, mxa)) {
result = NT_STATUS_NO_MEMORY;
goto lookup_sid_failed;
}
name->sid_name_use = user_info->sid_name_use;
result = lsarpc_s_UpdateDomainTable(mxa, user_info,
domain_table, &name->domain_ix);
if (result == -1) {
result = NT_STATUS_INTERNAL_ERROR;
goto lookup_sid_failed;
}
mlsvc_release_user_info(user_info);
}
param->domain_table = domain_table;
param->name_table.n_entry = n_entry;
param->name_table.entries = names;
param->mapped_count = n_entry;
param->status = 0;
mlsvc_free_user_info(user_info);
return (MLRPC_DRC_OK);
lookup_sid_failed:
param->domain_table = 0;
param->name_table.n_entry = 0;
param->name_table.entries = 0;
param->mapped_count = 0;
param->status = NT_SC_ERROR(result);
mlsvc_free_user_info(user_info);
return (MLRPC_DRC_OK);
}
/*
* lsarpc_s_UpdateDomainTable
*
* This routine is responsible for maintaining the domain table which
* will be returned from a SID lookup. Whenever a name is added to the
* name table, this function should be called with the corresponding
* domain name. If the domain information is not already in the table,
* it is added. On success return 0; Otherwise -1 is returned.
*/
static int
lsarpc_s_UpdateDomainTable(struct mlrpc_xaction *mxa,
smb_userinfo_t *user_info, struct mslsa_domain_table *domain_table,
DWORD *domain_idx)
{
struct mslsa_domain_entry *dentry;
DWORD n_entry;
DWORD i;
if (user_info->sid_name_use == SidTypeUnknown ||
user_info->sid_name_use == SidTypeInvalid) {
/*
* These types don't need to reference an entry in the
* domain table. So return -1.
*/
*domain_idx = (DWORD)-1;
return (0);
}
if ((dentry = domain_table->entries) == NULL)
return (-1);
if ((n_entry = domain_table->n_entry) >= MLSVC_DOMAIN_MAX)
return (-1);
for (i = 0; i < n_entry; ++i) {
if (smb_sid_cmp((smb_sid_t *)dentry[i].domain_sid,
user_info->domain_sid)) {
*domain_idx = i;
return (0);
}
}
if (i == MLSVC_DOMAIN_MAX)
return (-1);
if (!mlsvc_string_save((ms_string_t *)&dentry[i].domain_name,
user_info->domain_name, mxa))
return (-1);
dentry[i].domain_sid =
(struct mslsa_sid *)mlsvc_sid_save(user_info->domain_sid, mxa);
if (dentry[i].domain_sid == NULL)
return (-1);
++domain_table->n_entry;
*domain_idx = i;
return (0);
}
/*
* lsarpc_s_LookupSids2
*
* Other than the use of lsar_lookup_sids2 and lsar_name_entry2, this
* is identical to lsarpc_s_LookupSids.
*/
static int
lsarpc_s_LookupSids2(void *arg, struct mlrpc_xaction *mxa)
{
struct lsar_lookup_sids2 *param = arg;
struct lsar_name_entry2 *names;
struct lsar_name_entry2 *name;
struct mslsa_domain_table *domain_table;
struct mslsa_domain_entry *domain_entry;
smb_userinfo_t *user_info;
smb_sid_t *sid;
DWORD n_entry;
int result;
int i;
user_info = mlsvc_alloc_user_info();
n_entry = param->lup_sid_table.n_entry;
names = MLRPC_HEAP_NEWN(mxa, struct lsar_name_entry2, n_entry);
domain_table = MLRPC_HEAP_NEW(mxa, struct mslsa_domain_table);
domain_entry = MLRPC_HEAP_NEWN(mxa, struct mslsa_domain_entry,
MLSVC_DOMAIN_MAX);
if (names == NULL || domain_table == NULL ||
domain_entry == NULL || user_info == NULL) {
bzero(param, sizeof (struct lsar_lookup_sids2));
param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY);
return (MLRPC_DRC_OK);
}
domain_table->entries = domain_entry;
domain_table->n_entry = 0;
domain_table->max_n_entry = MLSVC_DOMAIN_MAX;
name = names;
for (i = 0; i < n_entry; ++i, name++) {
bzero(name, sizeof (struct lsar_name_entry2));
sid = (smb_sid_t *)param->lup_sid_table.entries[i].psid;
result = lsa_lookup_sid(sid, user_info);
if (result != NT_STATUS_SUCCESS)
goto lookup_sid_failed;
if (!mlsvc_string_save((ms_string_t *)&name->name,
user_info->name, mxa)) {
result = NT_STATUS_NO_MEMORY;
goto lookup_sid_failed;
}
name->sid_name_use = user_info->sid_name_use;
result = lsarpc_s_UpdateDomainTable(mxa, user_info,
domain_table, &name->domain_ix);
if (result == -1) {
result = NT_STATUS_INTERNAL_ERROR;
goto lookup_sid_failed;
}
mlsvc_release_user_info(user_info);
}
param->domain_table = domain_table;
param->name_table.n_entry = n_entry;
param->name_table.entries = names;
param->mapped_count = n_entry;
param->status = 0;
mlsvc_free_user_info(user_info);
return (MLRPC_DRC_OK);
lookup_sid_failed:
param->domain_table = 0;
param->name_table.n_entry = 0;
param->name_table.entries = 0;
param->mapped_count = 0;
param->status = NT_SC_ERROR(result);
mlsvc_free_user_info(user_info);
return (MLRPC_DRC_OK);
}
/*
* lsarpc_s_LookupNames2
*
* Other than the use of lsar_LookupNames2 and lsar_rid_entry2, this
* is identical to lsarpc_s_LookupNames.
*/
static int
lsarpc_s_LookupNames2(void *arg, struct mlrpc_xaction *mxa)
{
struct lsar_LookupNames2 *param = arg;
struct lsar_rid_entry2 *rids;
smb_userinfo_t *user_info = 0;
struct mslsa_domain_table *domain_table;
struct mslsa_domain_entry *domain_entry;
char *account;
DWORD status = NT_STATUS_SUCCESS;
int rc = 0;
if (param->name_table->n_entry != 1)
return (MLRPC_DRC_FAULT_PARAM_0_UNIMPLEMENTED);
rids = MLRPC_HEAP_NEW(mxa, struct lsar_rid_entry2);
domain_table = MLRPC_HEAP_NEW(mxa, struct mslsa_domain_table);
domain_entry = MLRPC_HEAP_NEW(mxa, struct mslsa_domain_entry);
user_info = mlsvc_alloc_user_info();
if (rids == 0 || domain_table == 0 ||
domain_entry == 0 || user_info == 0) {
status = NT_STATUS_NO_MEMORY;
goto name_lookup2_failed;
}
account = (char *)param->name_table->names->str;
status = lsa_lookup_name(NULL, account, SidTypeUnknown, user_info);
if (status != NT_STATUS_SUCCESS)
goto name_lookup2_failed;
/*
* Set up the rid table.
*/
bzero(rids, sizeof (struct lsar_rid_entry2));
rids[0].sid_name_use = user_info->sid_name_use;
rids[0].rid = user_info->rid;
rids[0].domain_index = 0;
param->translated_sids.n_entry = 1;
param->translated_sids.rids = rids;
/*
* Set up the domain table.
*/
domain_table->entries = domain_entry;
domain_table->n_entry = 1;
domain_table->max_n_entry = MLSVC_DOMAIN_MAX;
rc = mlsvc_string_save((ms_string_t *)&domain_entry->domain_name,
user_info->domain_name, mxa);
domain_entry->domain_sid =
(struct mslsa_sid *)mlsvc_sid_save(user_info->domain_sid, mxa);
if (rc == 0 || domain_entry->domain_sid == NULL) {
status = NT_STATUS_NO_MEMORY;
goto name_lookup2_failed;
}
param->domain_table = domain_table;
param->mapped_count = 1;
param->status = 0;
mlsvc_free_user_info(user_info);
return (MLRPC_DRC_OK);
name_lookup2_failed:
mlsvc_free_user_info(user_info);
bzero(param, sizeof (struct lsar_LookupNames2));
param->status = NT_SC_ERROR(status);
return (MLRPC_DRC_OK);
}