samlib.c revision da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* This module provides the high level interface to the SAM RPC
* functions.
*/
#include <unistd.h>
#include <netdb.h>
#include <alloca.h>
#include <smbsrv/libmlsvc.h>
#include <smbsrv/ntstatus.h>
#include <smbsrv/ntaccess.h>
/*
* Valid values for the OEM OWF password encryption.
*/
#define SAM_PASSWORD_516 516
#define SAM_KEYLEN 16
/*
* sam_lookup_user_info
*
* Lookup user information in the SAM database on the specified server
* (domain controller). The LSA interface is used to obtain the user
* RID, the domain name and the domain SID (user privileges are TBD).
* Then the various SAM layers are opened using the domain SID and the
* user RID to obtain the users's group membership information.
*
* The information is returned in the user_info structure. The caller
* is responsible for allocating and releasing this structure. If the
* lookup is successful, sid_name_use will be set to SidTypeUser.
*
* On success 0 is returned. Otherwise a -ve error code.
*/
int
{
int rc;
return (-1);
return (-1);
}
if (rc != 0)
return (-1);
#if 0
if (rc != 0)
return (-1);
#endif
sid, &domain_handle);
if (status == 0) {
#if 0
#endif
if (rc == 0) {
(void) samr_close_handle(&user_handle);
}
(void) samr_close_handle(&domain_handle);
}
(void) samr_close_handle(&samr_handle);
return (rc);
}
/*
* get_user_group_info
*
* This is a private function to obtain the primary group and group
* memberships for the user specified by the user_handle. This function
* should only be called from sam_lookup_user_info.
*
* On success 0 is returned. Otherwise -1 is returned.
*/
static int
{
union samr_user_info sui;
int rc;
if (rc != 0)
return (-1);
if (rc != 0)
return (-1);
return (0);
}
/*
* sam_create_trust_account
*
* Create a trust account for this system.
*
* SAMR_AF_WORKSTATION_TRUST_ACCOUNT: servers and workstations.
* SAMR_AF_SERVER_TRUST_ACCOUNT: domain controllers.
*
* Returns NT status codes.
*/
{
char account_name[MAXHOSTNAMELEN];
return (NT_STATUS_NO_MEMORY);
if ((user_info = mlsvc_alloc_user_info()) == 0)
return (NT_STATUS_NO_MEMORY);
/*
* The trust account value here should match
* the value that will be used when the user
* information is set on this account.
*/
return (status);
}
/*
* sam_create_account
*
* Create the specified domain account in the SAM database on the
* domain controller.
*
* Account flags:
* SAMR_AF_NORMAL_ACCOUNT
* SAMR_AF_WORKSTATION_TRUST_ACCOUNT
* SAMR_AF_SERVER_TRUST_ACCOUNT
*
* Returns NT status codes.
*/
{
union samr_user_info sui;
int rc;
if (rc != 0) {
smb_tracef("SamCreateAccount[%s\\%s]: %s",
return (status);
}
(void) lsa_query_account_domain_info();
(void) samr_close_handle(&samr_handle);
smb_tracef("SamCreateAccount[%s\\%s]: %s",
return (status);
}
}
} else {
domain_name, user_info) != 0) {
(void) samr_close_handle(&samr_handle);
smb_tracef("SamCreateAccount[%s]: lookup failed",
return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO);
}
}
if (status == NT_STATUS_SUCCESS) {
if (status == NT_STATUS_SUCCESS) {
(void) samr_query_user_info(&user_handle,
(void) samr_get_user_pwinfo(&user_handle);
(void) samr_close_handle(&user_handle);
} else if (status == NT_STATUS_USER_EXISTS) {
if (rc == 0)
status = 0;
} else {
smb_tracef("SamCreateAccount[%s]: %s",
}
(void) samr_close_handle(&domain_handle);
} else {
smb_tracef("SamCreateAccount[%s]: open domain failed",
}
(void) samr_close_handle(&samr_handle);
return (status);
}
/*
* sam_remove_trust_account
*
* Attempt to remove the workstation trust account for this system.
* Administrator access is required to perform this operation.
*
* Returns NT status codes.
*/
{
char account_name[MAXHOSTNAMELEN];
return (NT_STATUS_NO_MEMORY);
}
/*
* sam_delete_account
*
* Attempt to remove an account from the SAM database on the specified
* server.
*
* Returns NT status codes.
*/
{
int rc;
if ((user_info = mlsvc_alloc_user_info()) == 0)
return (NT_STATUS_NO_MEMORY);
if (rc != 0) {
return (NT_STATUS_OPEN_FAILED);
}
(void) lsa_query_account_domain_info();
(void) samr_close_handle(&samr_handle);
return (NT_STATUS_NO_SUCH_DOMAIN);
}
}
} else {
if (samr_lookup_domain(
(void) samr_close_handle(&samr_handle);
return (NT_STATUS_NO_SUCH_DOMAIN);
}
}
sid, &domain_handle);
if (status == 0) {
if (status == 0) {
rid, &user_handle);
if (rc == 0) {
if (samr_delete_user(&user_handle) != 0)
(void) samr_close_handle(&user_handle);
}
}
(void) samr_close_handle(&domain_handle);
}
(void) samr_close_handle(&samr_handle);
return (status);
}
/*
* sam_lookup_name
*
* Lookup an account name in the SAM database on the specified domain
* controller. Provides the account RID on success.
*
* Returns NT status codes.
*/
{
struct samr_sid *domain_sid;
int rc;
*rid_ret = 0;
if ((user_info = mlsvc_alloc_user_info()) == 0)
return (NT_STATUS_NO_MEMORY);
if (rc != 0) {
return (NT_STATUS_OPEN_FAILED);
}
if (rc != 0) {
(void) samr_close_handle(&samr_handle);
return (NT_STATUS_NO_SUCH_DOMAIN);
}
if (status == 0) {
if (status == 0)
(void) samr_close_handle(&domain_handle);
}
(void) samr_close_handle(&samr_handle);
return (status);
}
/*
* sam_get_local_domains
*
* Query a remote server to get the list of local domains that it
* supports.
*
* Returns NT status codes.
*/
{
int rc;
if (rc != 0)
return (NT_STATUS_OPEN_FAILED);
(void) samr_close_handle(&samr_handle);
return (status);
}
/*
* sam_oem_password
*
* Generate an OEM password.
*/
unsigned char *old_password)
{
int length;
#ifdef PBSHORTCUT
#endif /* PBSHORTCUT */
(char *)new_password, length);
return (0);
}