rpc_client/cli_lsarpc.c

説明を見る。
00001 /* 
00002    Unix SMB/CIFS implementation.
00003    RPC pipe client
00004    Copyright (C) Tim Potter                        2000-2001,
00005    Copyright (C) Andrew Tridgell              1992-1997,2000,
00006    Copyright (C) Rafal Szczesniak                       2002
00007    Copyright (C) Jeremy Allison                         2005.
00008    
00009    This program is free software; you can redistribute it and/or modify
00010    it under the terms of the GNU General Public License as published by
00011    the Free Software Foundation; either version 2 of the License, or
00012    (at your option) any later version.
00013    
00014    This program is distributed in the hope that it will be useful,
00015    but WITHOUT ANY WARRANTY; without even the implied warranty of
00016    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00017    GNU General Public License for more details.
00018    
00019    You should have received a copy of the GNU General Public License
00020    along with this program; if not, write to the Free Software
00021    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00022 */
00023 
00024 #include "includes.h"
00025 
00026 /** @defgroup lsa LSA - Local Security Architecture
00027  *  @ingroup rpc_client
00028  *
00029  * @{
00030  **/
00031 
00032 /**
00033  * @file cli_lsarpc.c
00034  *
00035  * RPC client routines for the LSA RPC pipe.  LSA means "local
00036  * security authority", which is half of a password database.
00037  **/
00038 
00039 /** Open a LSA policy handle
00040  *
00041  * @param cli Handle on an initialised SMB connection */
00042 
00043 NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
00044                                 TALLOC_CTX *mem_ctx,
00045                                 BOOL sec_qos, uint32 des_access,
00046                                 POLICY_HND *pol)
00047 {
00048         prs_struct qbuf, rbuf;
00049         LSA_Q_OPEN_POL q;
00050         LSA_R_OPEN_POL r;
00051         LSA_SEC_QOS qos;
00052         NTSTATUS result;
00053 
00054         ZERO_STRUCT(q);
00055         ZERO_STRUCT(r);
00056 
00057         /* Initialise input parameters */
00058 
00059         if (sec_qos) {
00060                 init_lsa_sec_qos(&qos, 2, 1, 0);
00061                 init_q_open_pol(&q, '\\', 0, des_access, &qos);
00062         } else {
00063                 init_q_open_pol(&q, '\\', 0, des_access, NULL);
00064         }
00065 
00066         /* Marshall data and send request */
00067 
00068         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY,
00069                         q, r,
00070                         qbuf, rbuf,
00071                         lsa_io_q_open_pol,
00072                         lsa_io_r_open_pol,
00073                         NT_STATUS_UNSUCCESSFUL );
00074 
00075         /* Return output parameters */
00076 
00077         result = r.status;
00078 
00079         if (NT_STATUS_IS_OK(result)) {
00080                 *pol = r.pol;
00081 #ifdef __INSURE__
00082                 pol->marker = MALLOC(1);
00083 #endif
00084         }
00085 
00086         return result;
00087 }
00088 
00089 /** Open a LSA policy handle
00090   *
00091   * @param cli Handle on an initialised SMB connection 
00092   */
00093 
00094 NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
00095                                  TALLOC_CTX *mem_ctx, BOOL sec_qos,
00096                                  uint32 des_access, POLICY_HND *pol)
00097 {
00098         prs_struct qbuf, rbuf;
00099         LSA_Q_OPEN_POL2 q;
00100         LSA_R_OPEN_POL2 r;
00101         LSA_SEC_QOS qos;
00102         NTSTATUS result;
00103         char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
00104 
00105         ZERO_STRUCT(q);
00106         ZERO_STRUCT(r);
00107 
00108         if (sec_qos) {
00109                 init_lsa_sec_qos(&qos, 2, 1, 0);
00110                 init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos);
00111         } else {
00112                 init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL);
00113         }
00114 
00115         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2,
00116                         q, r,
00117                         qbuf, rbuf,
00118                         lsa_io_q_open_pol2,
00119                         lsa_io_r_open_pol2,
00120                         NT_STATUS_UNSUCCESSFUL );
00121 
00122         /* Return output parameters */
00123 
00124         result = r.status;
00125 
00126         if (NT_STATUS_IS_OK(result)) {
00127                 *pol = r.pol;
00128 #ifdef __INSURE__
00129                 pol->marker = (char *)malloc(1);
00130 #endif
00131         }
00132 
00133         return result;
00134 }
00135 
00136 /** Close a LSA policy handle */
00137 
00138 NTSTATUS rpccli_lsa_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
00139                           POLICY_HND *pol)
00140 {
00141         prs_struct qbuf, rbuf;
00142         LSA_Q_CLOSE q;
00143         LSA_R_CLOSE r;
00144         NTSTATUS result;
00145 
00146         ZERO_STRUCT(q);
00147         ZERO_STRUCT(r);
00148 
00149         init_lsa_q_close(&q, pol);
00150 
00151         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CLOSE,
00152                         q, r,
00153                         qbuf, rbuf,
00154                         lsa_io_q_close,
00155                         lsa_io_r_close,
00156                         NT_STATUS_UNSUCCESSFUL );
00157 
00158         /* Return output parameters */
00159 
00160         result = r.status;
00161 
00162         if (NT_STATUS_IS_OK(result)) {
00163 #ifdef __INSURE__
00164                 SAFE_FREE(pol->marker);
00165 #endif
00166                 *pol = r.pol;
00167         }
00168 
00169         return result;
00170 }
00171 
00172 /** Lookup a list of sids */
00173 
00174 NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
00175                                 TALLOC_CTX *mem_ctx,
00176                                 POLICY_HND *pol, int num_sids,
00177                                 const DOM_SID *sids, 
00178                                 char ***domains, char ***names, uint32 **types)
00179 {
00180         prs_struct qbuf, rbuf;
00181         LSA_Q_LOOKUP_SIDS q;
00182         LSA_R_LOOKUP_SIDS r;
00183         DOM_R_REF ref;
00184         NTSTATUS result = NT_STATUS_OK;
00185         int i;
00186 
00187         ZERO_STRUCT(q);
00188         ZERO_STRUCT(r);
00189 
00190         init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
00191 
00192         ZERO_STRUCT(ref);
00193 
00194         r.dom_ref = &ref;
00195 
00196         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
00197                         q, r,
00198                         qbuf, rbuf,
00199                         lsa_io_q_lookup_sids,
00200                         lsa_io_r_lookup_sids,
00201                         NT_STATUS_UNSUCCESSFUL );
00202 
00203         if (!NT_STATUS_IS_OK(r.status) &&
00204             NT_STATUS_V(r.status) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
00205           
00206                 /* An actual error occured */
00207                 result = r.status;
00208 
00209                 goto done;
00210         }
00211 
00212         /* Return output parameters */
00213 
00214         if (r.mapped_count == 0) {
00215                 result = NT_STATUS_NONE_MAPPED;
00216                 goto done;
00217         }
00218 
00219         if (num_sids) {
00220                 if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
00221                         DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00222                         result = NT_STATUS_NO_MEMORY;
00223                         goto done;
00224                 }
00225 
00226                 if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
00227                         DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00228                         result = NT_STATUS_NO_MEMORY;
00229                         goto done;
00230                 }
00231 
00232                 if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) {
00233                         DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00234                         result = NT_STATUS_NO_MEMORY;
00235                         goto done;
00236                 }
00237         } else {
00238                 (*domains) = NULL;
00239                 (*names) = NULL;
00240                 (*types) = NULL;
00241         }
00242                 
00243         for (i = 0; i < num_sids; i++) {
00244                 fstring name, dom_name;
00245                 uint32 dom_idx = r.names.name[i].domain_idx;
00246 
00247                 /* Translate optimised name through domain index array */
00248 
00249                 if (dom_idx != 0xffffffff) {
00250 
00251                         rpcstr_pull_unistr2_fstring(
00252                                 dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
00253                         rpcstr_pull_unistr2_fstring(
00254                                 name, &r.names.uni_name[i]);
00255 
00256                         (*names)[i] = talloc_strdup(mem_ctx, name);
00257                         (*domains)[i] = talloc_strdup(mem_ctx, dom_name);
00258                         (*types)[i] = r.names.name[i].sid_name_use;
00259                         
00260                         if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
00261                                 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00262                                 result = NT_STATUS_UNSUCCESSFUL;
00263                                 goto done;
00264                         }
00265 
00266                 } else {
00267                         (*names)[i] = NULL;
00268                         (*domains)[i] = NULL;
00269                         (*types)[i] = SID_NAME_UNKNOWN;
00270                 }
00271         }
00272 
00273  done:
00274 
00275         return result;
00276 }
00277 
00278 /** Lookup a list of names */
00279 
00280 NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
00281                                  TALLOC_CTX *mem_ctx,
00282                                  POLICY_HND *pol, int num_names, 
00283                                  const char **names,
00284                                  const char ***dom_names,
00285                                  DOM_SID **sids,
00286                                  uint32 **types)
00287 {
00288         prs_struct qbuf, rbuf;
00289         LSA_Q_LOOKUP_NAMES q;
00290         LSA_R_LOOKUP_NAMES r;
00291         DOM_R_REF ref;
00292         NTSTATUS result;
00293         int i;
00294         
00295         ZERO_STRUCT(q);
00296         ZERO_STRUCT(r);
00297 
00298         ZERO_STRUCT(ref);
00299         r.dom_ref = &ref;
00300 
00301         init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
00302 
00303         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES,
00304                         q, r,
00305                         qbuf, rbuf,
00306                         lsa_io_q_lookup_names,
00307                         lsa_io_r_lookup_names,
00308                         NT_STATUS_UNSUCCESSFUL);
00309 
00310         result = r.status;
00311 
00312         if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
00313             NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
00314 
00315                 /* An actual error occured */
00316 
00317                 goto done;
00318         }
00319 
00320         /* Return output parameters */
00321 
00322         if (r.mapped_count == 0) {
00323                 result = NT_STATUS_NONE_MAPPED;
00324                 goto done;
00325         }
00326 
00327         if (num_names) {
00328                 if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
00329                         DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00330                         result = NT_STATUS_NO_MEMORY;
00331                         goto done;
00332                 }
00333 
00334                 if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) {
00335                         DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00336                         result = NT_STATUS_NO_MEMORY;
00337                         goto done;
00338                 }
00339 
00340                 if (dom_names != NULL) {
00341                         *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
00342                         if (*dom_names == NULL) {
00343                                 DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
00344                                 result = NT_STATUS_NO_MEMORY;
00345                                 goto done;
00346                         }
00347                 }
00348         } else {
00349                 *sids = NULL;
00350                 *types = NULL;
00351                 if (dom_names != NULL) {
00352                         *dom_names = NULL;
00353                 }
00354         }
00355 
00356         for (i = 0; i < num_names; i++) {
00357                 DOM_RID *t_rids = r.dom_rid;
00358                 uint32 dom_idx = t_rids[i].rid_idx;
00359                 uint32 dom_rid = t_rids[i].rid;
00360                 DOM_SID *sid = &(*sids)[i];
00361 
00362                 /* Translate optimised sid through domain index array */
00363 
00364                 if (dom_idx == 0xffffffff) {
00365                         /* Nothing to do, this is unknown */
00366                         ZERO_STRUCTP(sid);
00367                         (*types)[i] = SID_NAME_UNKNOWN;
00368                         continue;
00369                 }
00370 
00371                 sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
00372 
00373                 if (dom_rid != 0xffffffff) {
00374                         sid_append_rid(sid, dom_rid);
00375                 }
00376 
00377                 (*types)[i] = t_rids[i].type;
00378 
00379                 if (dom_names == NULL) {
00380                         continue;
00381                 }
00382 
00383                 (*dom_names)[i] = rpcstr_pull_unistr2_talloc(
00384                         *dom_names, &ref.ref_dom[dom_idx].uni_dom_name);
00385         }
00386 
00387  done:
00388 
00389         return result;
00390 }
00391 
00392 NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00393                                           POLICY_HND *pol, uint16 info_class,
00394                                           LSA_INFO_CTR *ctr) 
00395 {
00396         prs_struct qbuf, rbuf;
00397         LSA_Q_QUERY_INFO q;
00398         LSA_R_QUERY_INFO r;
00399         NTSTATUS result;
00400 
00401         ZERO_STRUCT(q);
00402         ZERO_STRUCT(r);
00403 
00404         init_q_query(&q, pol, info_class);
00405 
00406         CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
00407                 q, r,
00408                 qbuf, rbuf,
00409                 lsa_io_q_query,
00410                 lsa_io_r_query,
00411                 NT_STATUS_UNSUCCESSFUL);
00412 
00413         result = r.status;
00414 
00415         if (!NT_STATUS_IS_OK(result)) {
00416                 goto done;
00417         }
00418 
00419  done:
00420 
00421         *ctr = r.ctr;
00422         
00423         return result;
00424 }
00425 
00426 NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00427                                           POLICY_HND *pol, uint16 info_class,
00428                                           LSA_INFO_CTR2 *ctr) 
00429 {
00430         prs_struct qbuf, rbuf;
00431         LSA_Q_QUERY_INFO2 q;
00432         LSA_R_QUERY_INFO2 r;
00433         NTSTATUS result;
00434 
00435         ZERO_STRUCT(q);
00436         ZERO_STRUCT(r);
00437 
00438         init_q_query2(&q, pol, info_class);
00439 
00440         CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
00441                 q, r,
00442                 qbuf, rbuf,
00443                 lsa_io_q_query_info2,
00444                 lsa_io_r_query_info2,
00445                 NT_STATUS_UNSUCCESSFUL);
00446 
00447         result = r.status;
00448 
00449         if (!NT_STATUS_IS_OK(result)) {
00450                 goto done;
00451         }
00452 
00453  done:
00454 
00455         *ctr = r.ctr;
00456         
00457         return result;
00458 }
00459 
00460 
00461 
00462 /** Query info policy
00463  *
00464  *  @param domain_sid - returned remote server's domain sid */
00465 
00466 NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli,
00467                                       TALLOC_CTX *mem_ctx,
00468                                       POLICY_HND *pol, uint16 info_class, 
00469                                       char **domain_name, DOM_SID **domain_sid)
00470 {
00471         prs_struct qbuf, rbuf;
00472         LSA_Q_QUERY_INFO q;
00473         LSA_R_QUERY_INFO r;
00474         NTSTATUS result;
00475 
00476         ZERO_STRUCT(q);
00477         ZERO_STRUCT(r);
00478 
00479         init_q_query(&q, pol, info_class);
00480 
00481         CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
00482                 q, r,
00483                 qbuf, rbuf,
00484                 lsa_io_q_query,
00485                 lsa_io_r_query,
00486                 NT_STATUS_UNSUCCESSFUL);
00487 
00488         result = r.status;
00489 
00490         if (!NT_STATUS_IS_OK(result)) {
00491                 goto done;
00492         }
00493 
00494         /* Return output parameters */
00495 
00496         switch (info_class) {
00497 
00498         case 3:
00499                 if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) {
00500                         *domain_name = unistr2_tdup(mem_ctx, 
00501                                                    &r.ctr.info.id3.
00502                                                    uni_domain_name);
00503                         if (!*domain_name) {
00504                                 return NT_STATUS_NO_MEMORY;
00505                         }
00506                 }
00507 
00508                 if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) {
00509                         *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
00510                         if (!*domain_sid) {
00511                                 return NT_STATUS_NO_MEMORY;
00512                         }
00513                         sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid);
00514                 }
00515 
00516                 break;
00517 
00518         case 5:
00519                 
00520                 if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) {
00521                         *domain_name = unistr2_tdup(mem_ctx, 
00522                                                    &r.ctr.info.id5.
00523                                                    uni_domain_name);
00524                         if (!*domain_name) {
00525                                 return NT_STATUS_NO_MEMORY;
00526                         }
00527                 }
00528                         
00529                 if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) {
00530                         *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
00531                         if (!*domain_sid) {
00532                                 return NT_STATUS_NO_MEMORY;
00533                         }
00534                         sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid);
00535                 }
00536                 break;
00537                         
00538         default:
00539                 DEBUG(3, ("unknown info class %d\n", info_class));
00540                 break;                
00541         }
00542         
00543  done:
00544 
00545         return result;
00546 }
00547 
00548 /** Query info policy2
00549  *
00550  *  @param domain_name - returned remote server's domain name
00551  *  @param dns_name - returned remote server's dns domain name
00552  *  @param forest_name - returned remote server's forest name
00553  *  @param domain_guid - returned remote server's domain guid
00554  *  @param domain_sid - returned remote server's domain sid */
00555 
00556 NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
00557                                        TALLOC_CTX *mem_ctx,
00558                                        POLICY_HND *pol, uint16 info_class, 
00559                                        char **domain_name, char **dns_name,
00560                                        char **forest_name,
00561                                        struct GUID **domain_guid,
00562                                        DOM_SID **domain_sid)
00563 {
00564         prs_struct qbuf, rbuf;
00565         LSA_Q_QUERY_INFO2 q;
00566         LSA_R_QUERY_INFO2 r;
00567         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
00568 
00569         if (info_class != 12)
00570                 goto done;
00571 
00572         ZERO_STRUCT(q);
00573         ZERO_STRUCT(r);
00574 
00575         init_q_query2(&q, pol, info_class);
00576 
00577         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
00578                 q, r,
00579                 qbuf, rbuf,
00580                 lsa_io_q_query_info2,
00581                 lsa_io_r_query_info2,
00582                 NT_STATUS_UNSUCCESSFUL);
00583 
00584         result = r.status;
00585 
00586         if (!NT_STATUS_IS_OK(result)) {
00587                 goto done;
00588         }
00589 
00590         /* Return output parameters */
00591 
00592         ZERO_STRUCTP(domain_guid);
00593 
00594         if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) {
00595                 *domain_name = unistr2_tdup(mem_ctx, 
00596                                             &r.ctr.info.id12
00597                                             .uni_nb_dom_name);
00598                 if (!*domain_name) {
00599                         return NT_STATUS_NO_MEMORY;
00600                 }
00601         }
00602         if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) {
00603                 *dns_name = unistr2_tdup(mem_ctx, 
00604                                          &r.ctr.info.id12
00605                                          .uni_dns_dom_name);
00606                 if (!*dns_name) {
00607                         return NT_STATUS_NO_MEMORY;
00608                 }
00609         }
00610         if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) {
00611                 *forest_name = unistr2_tdup(mem_ctx, 
00612                                             &r.ctr.info.id12
00613                                             .uni_forest_name);
00614                 if (!*forest_name) {
00615                         return NT_STATUS_NO_MEMORY;
00616                 }
00617         }
00618         
00619         if (domain_guid) {
00620                 *domain_guid = TALLOC_P(mem_ctx, struct GUID);
00621                 if (!*domain_guid) {
00622                         return NT_STATUS_NO_MEMORY;
00623                 }
00624                 memcpy(*domain_guid, 
00625                        &r.ctr.info.id12.dom_guid, 
00626                        sizeof(struct GUID));
00627         }
00628 
00629         if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) {
00630                 *domain_sid = TALLOC_P(mem_ctx, DOM_SID);
00631                 if (!*domain_sid) {
00632                         return NT_STATUS_NO_MEMORY;
00633                 }
00634                 sid_copy(*domain_sid, 
00635                          &r.ctr.info.id12.dom_sid.sid);
00636         }
00637         
00638  done:
00639 
00640         return result;
00641 }
00642 
00643 NTSTATUS rpccli_lsa_set_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00644                                     POLICY_HND *pol, uint16 info_class,
00645                                     LSA_INFO_CTR ctr) 
00646 {
00647         prs_struct qbuf, rbuf;
00648         LSA_Q_SET_INFO q;
00649         LSA_R_SET_INFO r;
00650         NTSTATUS result;
00651 
00652         ZERO_STRUCT(q);
00653         ZERO_STRUCT(r);
00654 
00655         init_q_set(&q, pol, info_class, ctr);
00656 
00657         CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_SETINFOPOLICY,
00658                 q, r,
00659                 qbuf, rbuf,
00660                 lsa_io_q_set,
00661                 lsa_io_r_set,
00662                 NT_STATUS_UNSUCCESSFUL);
00663 
00664         result = r.status;
00665 
00666         if (!NT_STATUS_IS_OK(result)) {
00667                 goto done;
00668         }
00669 
00670         /* Return output parameters */
00671 
00672  done:
00673 
00674         return result;
00675 }
00676 
00677 
00678 /**
00679  * Enumerate list of trusted domains
00680  *
00681  * @param cli client state (cli_state) structure of the connection
00682  * @param mem_ctx memory context
00683  * @param pol opened lsa policy handle
00684  * @param enum_ctx enumeration context ie. index of first returned domain entry
00685  * @param pref_num_domains preferred max number of entries returned in one response
00686  * @param num_domains total number of trusted domains returned by response
00687  * @param domain_names returned trusted domain names
00688  * @param domain_sids returned trusted domain sids
00689  *
00690  * @return nt status code of response
00691  **/
00692 
00693 NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
00694                                    TALLOC_CTX *mem_ctx,
00695                                    POLICY_HND *pol, uint32 *enum_ctx, 
00696                                    uint32 *num_domains,
00697                                    char ***domain_names, DOM_SID **domain_sids)
00698 {
00699         prs_struct qbuf, rbuf;
00700         LSA_Q_ENUM_TRUST_DOM in;
00701         LSA_R_ENUM_TRUST_DOM out;
00702         int i;
00703         fstring tmp;
00704 
00705         ZERO_STRUCT(in);
00706         ZERO_STRUCT(out);
00707 
00708         /* 64k is enough for about 2000 trusted domains */
00709         
00710         init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000);
00711 
00712         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM, 
00713                     in, out, 
00714                     qbuf, rbuf,
00715                     lsa_io_q_enum_trust_dom,
00716                     lsa_io_r_enum_trust_dom, 
00717                     NT_STATUS_UNSUCCESSFUL );
00718 
00719 
00720         /* check for an actual error */
00721 
00722         if ( !NT_STATUS_IS_OK(out.status) 
00723                 && !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES) 
00724                 && !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) )
00725         {
00726                 return out.status;
00727         }
00728                 
00729         /* Return output parameters */
00730 
00731         *num_domains  = out.count;
00732         *enum_ctx     = out.enum_context;
00733         
00734         if ( out.count ) {
00735 
00736                 /* Allocate memory for trusted domain names and sids */
00737 
00738                 if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) {
00739                         DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
00740                         return NT_STATUS_NO_MEMORY;
00741                 }
00742 
00743                 if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) {
00744                         DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
00745                         return NT_STATUS_NO_MEMORY;
00746                 }
00747 
00748                 /* Copy across names and sids */
00749 
00750                 for (i = 0; i < out.count; i++) {
00751 
00752                         rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer, 
00753                                 sizeof(tmp), out.domlist->domains[i].name.length, 0);
00754                         (*domain_names)[i] = talloc_strdup(mem_ctx, tmp);
00755 
00756                         sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid );
00757                 }
00758         }
00759 
00760         return out.status;
00761 }
00762 
00763 /** Enumerate privileges*/
00764 
00765 NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00766                                 POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
00767                                 uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
00768 {
00769         prs_struct qbuf, rbuf;
00770         LSA_Q_ENUM_PRIVS q;
00771         LSA_R_ENUM_PRIVS r;
00772         NTSTATUS result;
00773         int i;
00774 
00775         ZERO_STRUCT(q);
00776         ZERO_STRUCT(r);
00777 
00778         init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
00779 
00780         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS,
00781                 q, r,
00782                 qbuf, rbuf,
00783                 lsa_io_q_enum_privs,
00784                 lsa_io_r_enum_privs,
00785                 NT_STATUS_UNSUCCESSFUL);
00786 
00787         result = r.status;
00788 
00789         if (!NT_STATUS_IS_OK(result)) {
00790                 goto done;
00791         }
00792 
00793         /* Return output parameters */
00794 
00795         *enum_context = r.enum_context;
00796         *count = r.count;
00797 
00798         if (r.count) {
00799                 if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
00800                         DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
00801                         result = NT_STATUS_UNSUCCESSFUL;
00802                         goto done;
00803                 }
00804 
00805                 if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
00806                         DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
00807                         result = NT_STATUS_UNSUCCESSFUL;
00808                         goto done;
00809                 }
00810 
00811                 if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
00812                         DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
00813                         result = NT_STATUS_UNSUCCESSFUL;
00814                         goto done;
00815                 }
00816         } else {
00817                 *privs_name = NULL;
00818                 *privs_high = NULL;
00819                 *privs_low = NULL;
00820         }
00821 
00822         for (i = 0; i < r.count; i++) {
00823                 fstring name;
00824 
00825                 rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
00826 
00827                 (*privs_name)[i] = talloc_strdup(mem_ctx, name);
00828 
00829                 (*privs_high)[i] = r.privs[i].luid_high;
00830                 (*privs_low)[i] = r.privs[i].luid_low;
00831         }
00832 
00833  done:
00834 
00835         return result;
00836 }
00837 
00838 /** Get privilege name */
00839 
00840 NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00841                               POLICY_HND *pol, const char *name, 
00842                               uint16 lang_id, uint16 lang_id_sys,
00843                               fstring description, uint16 *lang_id_desc)
00844 {
00845         prs_struct qbuf, rbuf;
00846         LSA_Q_PRIV_GET_DISPNAME q;
00847         LSA_R_PRIV_GET_DISPNAME r;
00848         NTSTATUS result;
00849 
00850         ZERO_STRUCT(q);
00851         ZERO_STRUCT(r);
00852 
00853         init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
00854 
00855         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME,
00856                 q, r,
00857                 qbuf, rbuf,
00858                 lsa_io_q_priv_get_dispname,
00859                 lsa_io_r_priv_get_dispname,
00860                 NT_STATUS_UNSUCCESSFUL);
00861 
00862         result = r.status;
00863 
00864         if (!NT_STATUS_IS_OK(result)) {
00865                 goto done;
00866         }
00867 
00868         /* Return output parameters */
00869         
00870         rpcstr_pull_unistr2_fstring(description , &r.desc);
00871         *lang_id_desc = r.lang_id;
00872 
00873  done:
00874 
00875         return result;
00876 }
00877 
00878 /** Enumerate list of SIDs  */
00879 
00880 NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00881                                 POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length, 
00882                                 uint32 *num_sids, DOM_SID **sids)
00883 {
00884         prs_struct qbuf, rbuf;
00885         LSA_Q_ENUM_ACCOUNTS q;
00886         LSA_R_ENUM_ACCOUNTS r;
00887         NTSTATUS result;
00888         int i;
00889 
00890         ZERO_STRUCT(q);
00891         ZERO_STRUCT(r);
00892 
00893         init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
00894 
00895         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS,
00896                 q, r,
00897                 qbuf, rbuf,
00898                 lsa_io_q_enum_accounts,
00899                 lsa_io_r_enum_accounts,
00900                 NT_STATUS_UNSUCCESSFUL);
00901 
00902         result = r.status;
00903 
00904         if (!NT_STATUS_IS_OK(result)) {
00905                 goto done;
00906         }
00907 
00908         if (r.sids.num_entries==0)
00909                 goto done;
00910 
00911         /* Return output parameters */
00912 
00913         *sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
00914         if (!*sids) {
00915                 DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
00916                 result = NT_STATUS_UNSUCCESSFUL;
00917                 goto done;
00918         }
00919 
00920         /* Copy across names and sids */
00921 
00922         for (i = 0; i < r.sids.num_entries; i++) {
00923                 sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
00924         }
00925 
00926         *num_sids= r.sids.num_entries;
00927         *enum_ctx = r.enum_context;
00928 
00929  done:
00930 
00931         return result;
00932 }
00933 
00934 /** Create a LSA user handle
00935  *
00936  * @param cli Handle on an initialised SMB connection
00937  *
00938  * FIXME: The code is actually identical to open account
00939  * TODO: Check and code what the function should exactly do
00940  *
00941  * */
00942 
00943 NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00944                              POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, 
00945                              POLICY_HND *user_pol)
00946 {
00947         prs_struct qbuf, rbuf;
00948         LSA_Q_CREATEACCOUNT q;
00949         LSA_R_CREATEACCOUNT r;
00950         NTSTATUS result;
00951 
00952         ZERO_STRUCT(q);
00953         ZERO_STRUCT(r);
00954 
00955         /* Initialise input parameters */
00956 
00957         init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
00958 
00959         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT,
00960                 q, r,
00961                 qbuf, rbuf,
00962                 lsa_io_q_create_account,
00963                 lsa_io_r_create_account,
00964                 NT_STATUS_UNSUCCESSFUL);
00965 
00966         /* Return output parameters */
00967 
00968         result = r.status;
00969 
00970         if (NT_STATUS_IS_OK(result)) {
00971                 *user_pol = r.pol;
00972         }
00973 
00974         return result;
00975 }
00976 
00977 /** Open a LSA user handle
00978  *
00979  * @param cli Handle on an initialised SMB connection */
00980 
00981 NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
00982                              POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access, 
00983                              POLICY_HND *user_pol)
00984 {
00985         prs_struct qbuf, rbuf;
00986         LSA_Q_OPENACCOUNT q;
00987         LSA_R_OPENACCOUNT r;
00988         NTSTATUS result;
00989 
00990         ZERO_STRUCT(q);
00991         ZERO_STRUCT(r);
00992 
00993         /* Initialise input parameters */
00994 
00995         init_lsa_q_open_account(&q, dom_pol, sid, des_access);
00996 
00997         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT,
00998                 q, r,
00999                 qbuf, rbuf,
01000                 lsa_io_q_open_account,
01001                 lsa_io_r_open_account,
01002                 NT_STATUS_UNSUCCESSFUL);
01003 
01004         /* Return output parameters */
01005 
01006         result = r.status;
01007 
01008         if (NT_STATUS_IS_OK(result)) {
01009                 *user_pol = r.pol;
01010         }
01011 
01012         return result;
01013 }
01014 
01015 /** Enumerate user privileges
01016  *
01017  * @param cli Handle on an initialised SMB connection */
01018 
01019 NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01020                              POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
01021 {
01022         prs_struct qbuf, rbuf;
01023         LSA_Q_ENUMPRIVSACCOUNT q;
01024         LSA_R_ENUMPRIVSACCOUNT r;
01025         NTSTATUS result;
01026         int i;
01027 
01028         ZERO_STRUCT(q);
01029         ZERO_STRUCT(r);
01030 
01031         /* Initialise input parameters */
01032 
01033         init_lsa_q_enum_privsaccount(&q, pol);
01034 
01035         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT,
01036                 q, r,
01037                 qbuf, rbuf,
01038                 lsa_io_q_enum_privsaccount,
01039                 lsa_io_r_enum_privsaccount,
01040                 NT_STATUS_UNSUCCESSFUL);
01041 
01042         /* Return output parameters */
01043 
01044         result = r.status;
01045 
01046         if (!NT_STATUS_IS_OK(result)) {
01047                 goto done;
01048         }
01049 
01050         if (r.count == 0)
01051                 goto done;
01052 
01053         if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
01054                 DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
01055                 result = NT_STATUS_UNSUCCESSFUL;
01056                 goto done;
01057         }
01058 
01059         for (i=0; i<r.count; i++) {
01060                 (*set)[i].luid.low = r.set.set[i].luid.low;
01061                 (*set)[i].luid.high = r.set.set[i].luid.high;
01062                 (*set)[i].attr = r.set.set[i].attr;
01063         }
01064 
01065         *count=r.count;
01066  done:
01067 
01068         return result;
01069 }
01070 
01071 /** Get a privilege value given its name */
01072 
01073 NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01074                                  POLICY_HND *pol, const char *name, LUID *luid)
01075 {
01076         prs_struct qbuf, rbuf;
01077         LSA_Q_LOOKUP_PRIV_VALUE q;
01078         LSA_R_LOOKUP_PRIV_VALUE r;
01079         NTSTATUS result;
01080 
01081         ZERO_STRUCT(q);
01082         ZERO_STRUCT(r);
01083 
01084         /* Marshall data and send request */
01085 
01086         init_lsa_q_lookup_priv_value(&q, pol, name);
01087 
01088         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE,
01089                 q, r,
01090                 qbuf, rbuf,
01091                 lsa_io_q_lookup_priv_value,
01092                 lsa_io_r_lookup_priv_value,
01093                 NT_STATUS_UNSUCCESSFUL);
01094 
01095         result = r.status;
01096 
01097         if (!NT_STATUS_IS_OK(result)) {
01098                 goto done;
01099         }
01100 
01101         /* Return output parameters */
01102 
01103         (*luid).low=r.luid.low;
01104         (*luid).high=r.luid.high;
01105 
01106  done:
01107 
01108         return result;
01109 }
01110 
01111 /** Query LSA security object */
01112 
01113 NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01114                               POLICY_HND *pol, uint32 sec_info, 
01115                               SEC_DESC_BUF **psdb)
01116 {
01117         prs_struct qbuf, rbuf;
01118         LSA_Q_QUERY_SEC_OBJ q;
01119         LSA_R_QUERY_SEC_OBJ r;
01120         NTSTATUS result;
01121 
01122         ZERO_STRUCT(q);
01123         ZERO_STRUCT(r);
01124 
01125         /* Marshall data and send request */
01126 
01127         init_q_query_sec_obj(&q, pol, sec_info);
01128 
01129         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ,
01130                 q, r,
01131                 qbuf, rbuf,
01132                 lsa_io_q_query_sec_obj,
01133                 lsa_io_r_query_sec_obj,
01134                 NT_STATUS_UNSUCCESSFUL);
01135 
01136         result = r.status;
01137 
01138         if (!NT_STATUS_IS_OK(result)) {
01139                 goto done;
01140         }
01141 
01142         /* Return output parameters */
01143 
01144         if (psdb)
01145                 *psdb = r.buf;
01146 
01147  done:
01148 
01149         return result;
01150 }
01151 
01152 
01153 /* Enumerate account rights This is similar to enum_privileges but
01154    takes a SID directly, avoiding the open_account call.
01155 */
01156 
01157 NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01158                                      POLICY_HND *pol, DOM_SID *sid,
01159                                      uint32 *count, char ***priv_names)
01160 {
01161         prs_struct qbuf, rbuf;
01162         LSA_Q_ENUM_ACCT_RIGHTS q;
01163         LSA_R_ENUM_ACCT_RIGHTS r;
01164         NTSTATUS result;
01165         int i;
01166         fstring *privileges;
01167         char **names;
01168 
01169         ZERO_STRUCT(q);
01170         ZERO_STRUCT(r);
01171 
01172         /* Marshall data and send request */
01173         init_q_enum_acct_rights(&q, pol, 2, sid);
01174 
01175         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
01176                 q, r,
01177                 qbuf, rbuf,
01178                 lsa_io_q_enum_acct_rights,
01179                 lsa_io_r_enum_acct_rights,
01180                 NT_STATUS_UNSUCCESSFUL);
01181 
01182         result = r.status;
01183 
01184         if (!NT_STATUS_IS_OK(result)) {
01185                 goto done;
01186         }
01187 
01188         *count = r.count;
01189         if (! *count) {
01190                 goto done;
01191         }
01192 
01193         
01194         privileges = TALLOC_ARRAY( mem_ctx, fstring, *count );
01195         names      = TALLOC_ARRAY( mem_ctx, char *, *count );
01196 
01197         if ((privileges == NULL) || (names == NULL)) {
01198                 TALLOC_FREE(privileges);
01199                 TALLOC_FREE(names);
01200                 return NT_STATUS_NO_MEMORY;
01201         }
01202 
01203         for ( i=0; i<*count; i++ ) {
01204                 UNISTR4 *uni_string = &r.rights->strings[i];
01205 
01206                 if ( !uni_string->string )
01207                         continue;
01208 
01209                 rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE );
01210                         
01211                 /* now copy to the return array */
01212                 names[i] = talloc_strdup( mem_ctx, privileges[i] );
01213         }
01214         
01215         *priv_names = names;
01216 
01217 done:
01218 
01219         return result;
01220 }
01221 
01222 
01223 
01224 /* add account rights to an account. */
01225 
01226 NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01227                                     POLICY_HND *pol, DOM_SID sid,
01228                                         uint32 count, const char **privs_name)
01229 {
01230         prs_struct qbuf, rbuf;
01231         LSA_Q_ADD_ACCT_RIGHTS q;
01232         LSA_R_ADD_ACCT_RIGHTS r;
01233         NTSTATUS result;
01234 
01235         ZERO_STRUCT(q);
01236         ZERO_STRUCT(r);
01237 
01238         /* Marshall data and send request */
01239         init_q_add_acct_rights(&q, pol, &sid, count, privs_name);
01240 
01241         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS,
01242                 q, r,
01243                 qbuf, rbuf,
01244                 lsa_io_q_add_acct_rights,
01245                 lsa_io_r_add_acct_rights,
01246                 NT_STATUS_UNSUCCESSFUL);
01247 
01248         result = r.status;
01249 
01250         if (!NT_STATUS_IS_OK(result)) {
01251                 goto done;
01252         }
01253 done:
01254 
01255         return result;
01256 }
01257 
01258 
01259 /* remove account rights for an account. */
01260 
01261 NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01262                                        POLICY_HND *pol, DOM_SID sid, BOOL removeall,
01263                                        uint32 count, const char **privs_name)
01264 {
01265         prs_struct qbuf, rbuf;
01266         LSA_Q_REMOVE_ACCT_RIGHTS q;
01267         LSA_R_REMOVE_ACCT_RIGHTS r;
01268         NTSTATUS result;
01269 
01270         ZERO_STRUCT(q);
01271         ZERO_STRUCT(r);
01272 
01273         /* Marshall data and send request */
01274         init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name);
01275 
01276         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS,
01277                 q, r,
01278                 qbuf, rbuf,
01279                 lsa_io_q_remove_acct_rights,
01280                 lsa_io_r_remove_acct_rights,
01281                 NT_STATUS_UNSUCCESSFUL);
01282 
01283         result = r.status;
01284 
01285         if (!NT_STATUS_IS_OK(result)) {
01286                 goto done;
01287         }
01288 done:
01289 
01290         return result;
01291 }
01292 
01293 
01294 #if 0
01295 
01296 /** An example of how to use the routines in this file.  Fetch a DOMAIN
01297     sid. Does complete cli setup / teardown anonymously. */
01298 
01299 BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
01300 {
01301         extern pstring global_myname;
01302         struct cli_state cli;
01303         NTSTATUS result;
01304         POLICY_HND lsa_pol;
01305         BOOL ret = False;
01306  
01307         ZERO_STRUCT(cli);
01308         if(cli_initialise(&cli) == False) {
01309                 DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
01310                 return False;
01311         }
01312  
01313         if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
01314                 DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
01315                 goto done;
01316         }
01317  
01318         if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
01319                 DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
01320 machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
01321                 goto done;
01322         }
01323 
01324         if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
01325                 DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n", 
01326                         remote_machine));
01327                 goto done;
01328         }
01329  
01330         cli.protocol = PROTOCOL_NT1;
01331  
01332         if (!cli_negprot(&cli)) {
01333                 DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
01334 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
01335                 goto done;
01336         }
01337  
01338         if (cli.protocol != PROTOCOL_NT1) {
01339                 DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
01340                         remote_machine));
01341                 goto done;
01342         }
01343  
01344         /*
01345          * Do an anonymous session setup.
01346          */
01347  
01348         if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
01349                 DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
01350 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
01351                 goto done;
01352         }
01353  
01354         if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
01355                 DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
01356                         remote_machine));
01357                 goto done;
01358         }
01359 
01360         if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
01361                 DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
01362 Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
01363                 goto done;
01364         }
01365 
01366         /* Fetch domain sid */
01367  
01368         if (!cli_nt_session_open(&cli, PI_LSARPC)) {
01369                 DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
01370                 goto done;
01371         }
01372  
01373         result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
01374         if (!NT_STATUS_IS_OK(result)) {
01375                 DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
01376                         nt_errstr(result) ));
01377                 goto done;
01378         }
01379  
01380         result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
01381         if (!NT_STATUS_IS_OK(result)) {
01382                 DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
01383                         nt_errstr(result) ));
01384                 goto done;
01385         }
01386  
01387         ret = True;
01388 
01389   done:
01390 
01391         cli_shutdown(&cli);
01392         return ret;
01393 }
01394 
01395 #endif
01396 
01397 NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01398                                      POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask,
01399                                      POLICY_HND *trustdom_pol)
01400 {
01401         prs_struct qbuf, rbuf;
01402         LSA_Q_OPEN_TRUSTED_DOMAIN q;
01403         LSA_R_OPEN_TRUSTED_DOMAIN r;
01404         NTSTATUS result;
01405 
01406         ZERO_STRUCT(q);
01407         ZERO_STRUCT(r);
01408 
01409         /* Initialise input parameters */
01410 
01411         init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask);
01412 
01413         /* Marshall data and send request */
01414 
01415         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM,
01416                 q, r,
01417                 qbuf, rbuf,
01418                 lsa_io_q_open_trusted_domain,
01419                 lsa_io_r_open_trusted_domain,
01420                 NT_STATUS_UNSUCCESSFUL);
01421 
01422         /* Return output parameters */
01423         
01424         result = r.status;
01425 
01426         if (NT_STATUS_IS_OK(result)) {
01427                 *trustdom_pol = r.handle;
01428         }
01429 
01430         return result;
01431 }
01432 
01433 NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01434                                            POLICY_HND *pol, 
01435                                            uint16 info_class,  
01436                                            LSA_TRUSTED_DOMAIN_INFO **info)
01437 {
01438         prs_struct qbuf, rbuf;
01439         LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q;
01440         LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
01441         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
01442 
01443         ZERO_STRUCT(q);
01444         ZERO_STRUCT(r);
01445 
01446         /* Marshall data and send request */
01447 
01448         init_q_query_trusted_domain_info(&q, pol, info_class); 
01449 
01450         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO,
01451                 q, r,
01452                 qbuf, rbuf,
01453                 lsa_io_q_query_trusted_domain_info,
01454                 lsa_io_r_query_trusted_domain_info,
01455                 NT_STATUS_UNSUCCESSFUL);
01456 
01457         result = r.status;
01458 
01459         if (!NT_STATUS_IS_OK(result)) {
01460                 goto done;
01461         }
01462 
01463         *info = r.info;
01464                 
01465 done:
01466         return result;
01467 }
01468 
01469 NTSTATUS rpccli_lsa_open_trusted_domain_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01470                                                 POLICY_HND *pol, const char *name, uint32 access_mask,
01471                                                 POLICY_HND *trustdom_pol)
01472 {
01473         prs_struct qbuf, rbuf;
01474         LSA_Q_OPEN_TRUSTED_DOMAIN_BY_NAME q;
01475         LSA_R_OPEN_TRUSTED_DOMAIN_BY_NAME r;
01476         NTSTATUS result;
01477 
01478         ZERO_STRUCT(q);
01479         ZERO_STRUCT(r);
01480 
01481         /* Initialise input parameters */
01482 
01483         init_lsa_q_open_trusted_domain_by_name(&q, pol, name, access_mask);
01484 
01485         /* Marshall data and send request */
01486 
01487         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOMBYNAME,
01488                 q, r,
01489                 qbuf, rbuf,
01490                 lsa_io_q_open_trusted_domain_by_name,
01491                 lsa_io_r_open_trusted_domain_by_name,
01492                 NT_STATUS_UNSUCCESSFUL);
01493 
01494         /* Return output parameters */
01495         
01496         result = r.status;
01497 
01498         if (NT_STATUS_IS_OK(result)) {
01499                 *trustdom_pol = r.handle;
01500         }
01501 
01502         return result;
01503 }
01504 
01505 
01506 NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01507                                                   POLICY_HND *pol, 
01508                                                   uint16 info_class, DOM_SID *dom_sid, 
01509                                                   LSA_TRUSTED_DOMAIN_INFO **info)
01510 {
01511         prs_struct qbuf, rbuf;
01512         LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q;
01513         LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
01514         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
01515 
01516         ZERO_STRUCT(q);
01517         ZERO_STRUCT(r);
01518 
01519         /* Marshall data and send request */
01520 
01521         init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid); 
01522 
01523         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID,
01524                 q, r,
01525                 qbuf, rbuf,
01526                 lsa_io_q_query_trusted_domain_info_by_sid,
01527                 lsa_io_r_query_trusted_domain_info,
01528                 NT_STATUS_UNSUCCESSFUL);
01529 
01530         result = r.status;
01531 
01532         if (!NT_STATUS_IS_OK(result)) {
01533                 goto done;
01534         }
01535 
01536         *info = r.info;
01537 
01538 done:
01539 
01540         return result;
01541 }
01542 
01543 NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01544                                                    POLICY_HND *pol, 
01545                                                    uint16 info_class, const char *domain_name, 
01546                                                    LSA_TRUSTED_DOMAIN_INFO **info)
01547 {
01548         prs_struct qbuf, rbuf;
01549         LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q;
01550         LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
01551         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
01552 
01553         ZERO_STRUCT(q);
01554         ZERO_STRUCT(r);
01555 
01556         /* Marshall data and send request */
01557 
01558         init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name); 
01559 
01560         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME,
01561                 q, r,
01562                 qbuf, rbuf,
01563                 lsa_io_q_query_trusted_domain_info_by_name,
01564                 lsa_io_r_query_trusted_domain_info,
01565                 NT_STATUS_UNSUCCESSFUL);
01566 
01567         result = r.status;
01568 
01569         if (!NT_STATUS_IS_OK(result)) {
01570                 goto done;
01571         }
01572 
01573         *info = r.info;
01574 
01575 done:
01576         
01577         return result;
01578 }
01579 
01580 NTSTATUS cli_lsa_query_domain_info_policy(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
01581                                           POLICY_HND *pol, 
01582                                           uint16 info_class, LSA_DOM_INFO_UNION **info)
01583 {
01584         prs_struct qbuf, rbuf;
01585         LSA_Q_QUERY_DOM_INFO_POLICY q;
01586         LSA_R_QUERY_DOM_INFO_POLICY r;
01587         NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
01588 
01589         ZERO_STRUCT(q);
01590         ZERO_STRUCT(r);
01591 
01592         /* Marshall data and send request */
01593 
01594         init_q_query_dom_info(&q, pol, info_class); 
01595 
01596         CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYDOMINFOPOL, 
01597                 q, r,
01598                 qbuf, rbuf,
01599                 lsa_io_q_query_dom_info,
01600                 lsa_io_r_query_dom_info,
01601                 NT_STATUS_UNSUCCESSFUL);
01602 
01603         result = r.status;
01604 
01605         if (!NT_STATUS_IS_OK(result)) {
01606                 goto done;
01607         }
01608 
01609         *info = r.info;
01610 
01611 done:
01612         return result;
01613 }
01614
Sambaに対してSat Aug 29 21:23:15 2009に生成されました。  doxygen 1.4.7