 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]

 * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.

 * Security Accounts Manager RPC (SAMR) client-side interface.
 * The SAM is a hierarchical database:
 * - If you want to talk to the SAM you need a SAM handle.
 * - If you want to work with a domain, use the SAM handle
 *   to obtain a domain handle.
 * - Use domain handles to obtain user handles etc.
 * Be careful about returning null handles to the application. Use of a
 * null handle may crash the domain controller if you attempt to use it.

/*LINTED E_STATIC_UNUSED*/

 * Wrapper round samr_connect to ensure that we connect using the server
 * and domain. We default to the resource domain if the caller doesn't
 * supply a server name and a domain name.
 * If username argument is NULL, an anonymous connection will be established.
 * Otherwise, an authenticated connection will be established.
 * On success 0 is returned. Otherwise a -ve error code.

 * Connect to the SAMR service on the specified server (domain controller).
 * New SAM connect calls have been added to Windows over time:
 *	Windows NT3.x:	SamrConnect
 *	Windows NT4.0:	SamrConnect2
 *	Windows 2000:	SamrConnect4
 *	Windows XP:	SamrConnect5
 * Try the calls from most recent to oldest until the server responds with
 * something other than an RPC protocol error. We don't use the original
 * connect call because all supported servers should support SamrConnect2.

 * Original SAMR connect call; probably used on Windows NT 3.51.
 * Windows 95 uses this call with the srvmgr tools update.
 * Servername appears to be a dword rather than a string.
 * The first word contains '\' and the second word contains 0x001
 * (which is probably uninitialized junk): 0x0001005c.

 * Connect to the SAM on a Windows NT 4.0 server (domain controller).
 * We need the domain controller name and, if everything works, we
 * return a handle. This function adds the double backslash prefix to
 * make it easy for applications.
 * Returns 0 on success. Otherwise returns a -ve error code.

 * Connect to the SAM on a Windows 2000 domain controller.

 * Connect to the SAM on a Windows XP domain controller. On Windows
 * XP, the server should be the fully qualified DNS domain name with
 * a double backslash prefix. At this point, it is assumed that we
 * need to add the prefix and the DNS domain name here.
 * If this call succeeds, a SAMR handle is placed in samr_handle and
 * zero is returned. Otherwise, a -ve error code is returned.

 * This function closes any valid handle, i.e. sam, domain, user etc.
 * If the handle being closed is the top level connect handle, we unbind.
 * Then we zero out the handle to invalidate it.

 * We use a SAM handle to obtain a handle for a domain, specified by
 * the SID. The SID can be obtained via the LSA interface. A handle for
 * the domain is returned in domain_handle.
 * Use a domain handle to obtain a handle for a user, specified by the
 * user RID. A user RID (effectively a uid) can be obtained via the
 * LSA interface. A handle for the user is returned in user_handle.
 * Once you have a user handle it should be possible to query the SAM
 * for information on that user.

 * Delete the user specified by the user_handle.

 * Use a domain handle to obtain a handle for a group, specified by the
 * group RID. A group RID (effectively a gid) can be obtained via the
 * LSA interface. A handle for the group is returned in group_handle.
 * Once you have a group handle it should be possible to query the SAM
 * for information on that group.

 * Create a user in the domain specified by the domain handle. If this
 * call is successful, the server will return the RID for the user and
 * a user handle, which may be used to set or query the SAM.
 * Observed status codes:
 *	NT_STATUS_INVALID_PARAMETER
 *	NT_STATUS_INVALID_ACCOUNT_NAME
 *	NT_STATUS_ACCESS_DENIED
 *	NT_STATUS_USER_EXISTS
 * Returns 0 on success. Otherwise returns an NT status code.

 * samr_lookup_domain
 * Look up the domain SID for the specified domain name. The handle
 * should be one returned from samr_connect. The allocated memory for
 * the returned SID must be freed by the caller.

 * samr_enum_local_domains
 * Get the list of local domains supported by a server.
 * Returns NT status codes.

 * Handle non-mapped status quietly.

 * samr_lookup_domain_names
 * Look up the given name in the domain specified by domain_handle.
 * Upon a successful lookup the information is returned in the account
 * arg and the caller must free allocated memory by calling
 * smb_account_free().
 * Returns NT status codes.

 * Handle non-mapped status quietly.

 * samr_query_user_info
 * Query information on a specific user.
 * The handle must be a valid user handle obtained via samr_open_user.
 * Returns 0 on success, otherwise returns -ve error code.

 * samr_setup_user_info
 * Private function to set up the samr_user_info data. Dependent on
 * the switch value this function may use strdup which will malloc
 * memory. The caller is responsible for deallocating this memory.
 * Returns 0 on success, otherwise returns -1.

 * samr_query_user_groups
 * Query the groups for a specific user. The handle must be a valid
 * user handle obtained via samr_open_user. The list of groups is
 * returned in group_info. Note that group_info->groups is allocated
 * using malloc. The caller is responsible for deallocating this
 * memory when it is no longer required. If group_info->n_entry is 0
 * then no memory was allocated.
 * Returns 0 on success, otherwise returns -1.

 * samr_get_user_pwinfo
 * Get some user password info. I'm not sure what this is yet but it is
 * part of the create user sequence. The handle must be a valid user
 * handle. Since I don't know what this is returning, I haven't provided
 * any return data yet.
 * Returns 0 on success. Otherwise returns an NT status code.

 * samr_set_user_info
 * Returns 0 on success. Otherwise returns an NT status code.
 * NT status codes observed so far:
 *	NT_STATUS_WRONG_PASSWORD

 * The trust account value used here should probably
 * match the one used to create the trust account.

 * samr_set_user_logon_hours
 * SamrSetUserInfo appears to contain some logon hours information, which
 * looks like a varying, conformant array. The top level contains a value
 * (units), which probably indicates how to interpret the array. The
 * array definition looks like it contains a maximum size, an initial
 * offset and a bit length (units/8), followed by the bitmap.
 * | hours |-->+-----------+
 * +-------+ | max_is |
 * +------------------------+
 * | bitmap[length_is] |
 * +---------+--------------+
 * In the netmon examples seen so far, all bits are set to 1, i.e.
 * an array containing 0xff. This is probably the default setting.
 * ndrgen has a problem with complex [size_is] statements (length/8).
 * So, for now, we fake it using two separate components (samr_logon_info and
 * samr_logon_hours NDR structures).

 * samr_set_user_password
 * Set the initial password for the user.
 * The OEM password is generated using the machine password and the user
 * session key (nt_key).
 * Returns 0 if everything goes well, -1 if there is trouble generating a

/*LINTED E_BAD_PTR_CAST_ALIGN*/
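Added example, not code from this file or from the project: a sketch of the connect fallback and handle rules the comments above describe (try the newest connect call first, fall back only on an RPC protocol error, and zero the handle on any failure so that a caller can test for a null handle before using it). All names, the 20-byte handle size and the stub server are assumptions made for illustration; no real RPC is performed.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; the transport is a stub, not real RPC. */
enum { CONNECT2 = 2, CONNECT4 = 4, CONNECT5 = 5 };
enum { ST_OK = 0, ST_RPC_PROTOCOL_ERROR = -1, ST_ACCESS_DENIED = -2 };

typedef struct { uint8_t data[20]; } sam_handle_t;

/* Constructed stub server: knows calls up to max_call, may deny access. */
typedef struct { int max_call; int deny; int calls_seen; } mock_server_t;

static int
mock_call(mock_server_t *srv, int call, sam_handle_t *h)
{
	srv->calls_seen++;
	if (call > srv->max_call)
		return (ST_RPC_PROTOCOL_ERROR);	/* call not implemented */
	if (srv->deny)
		return (ST_ACCESS_DENIED);	/* a real answer: stop here */
	memset(h->data, 0xA5, sizeof (h->data));	/* constructed handle */
	return (ST_OK);
}

/* A handle is null when every byte is zero. */
int
sam_handle_is_null(const sam_handle_t *h)
{
	static const sam_handle_t zero;
	return (memcmp(h, &zero, sizeof (zero)) == 0);
}

/* Try newest to oldest; fall back only on an RPC protocol error. */
int
sam_connect(mock_server_t *srv, sam_handle_t *h)
{
	static const int order[] = { CONNECT5, CONNECT4, CONNECT2 };
	int status = ST_RPC_PROTOCOL_ERROR;

	for (size_t i = 0; i < sizeof (order) / sizeof (order[0]); i++) {
		memset(h, 0, sizeof (*h));
		status = mock_call(srv, order[i], h);
		if (status != ST_RPC_PROTOCOL_ERROR)
			break;
	}
	if (status != ST_OK)
		memset(h, 0, sizeof (*h));	/* never leave a stale handle */
	return (status);
}
```

A caller would check both the return value and sam_handle_is_null() before passing the handle to any later call.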