データ構造 | |
| struct | LsaOpenPolicy |
| struct | LsaGetNamesFromSids |
| struct | LsaGetSidsFromNames |
| struct | LsaFetchSid |
| struct | LsaQueryInfoPolicy |
| struct | LsaEnumSids |
| struct | LsaEnumAccountRights |
| struct | LsaEnumTrustedDomains |
| struct | LsaOpenTrustedDomain |
| struct | LsaQueryTrustedDomainInfo |
| struct | LsaEnumPrivileges |
| struct | LsaOpenAccount |
| struct | LsaAddPrivileges |
| struct | LsaRemovePrivileges |
| struct | LsaClearPrivileges |
| struct | LsaGetSecurityObject |
関数 | |
| int | cac_LsaOpenPolicy (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenPolicy *op) |
| Opens a policy handle on a remote machine. | |
| int | cac_LsaClosePolicy (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *pol) |
| Closes an LSA policy handle (Retrieved using cac_LsaOpenPolicy). | |
| int | cac_LsaGetNamesFromSids (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaGetNamesFromSids *op) |
| Looks up the names for a list of SIDS | |
| int | cac_LsaGetSidsFromNames (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaGetSidsFromNames *op) |
| Looks up the SIDs for a list of names | |
| int | cac_LsaFetchSid (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaFetchSid *op) |
| Looks up the domain or local sid of a machine with an open LSA policy handle | |
| int | cac_LsaQueryInfoPolicy (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaQueryInfoPolicy *op) |
| Retrieves information about the LSA machine/domain | |
| int | cac_LsaEnumSids (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumSids *op) |
| Enumerates the SIDs in the LSA. | |
| int | cac_LsaEnumAccountRights (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumAccountRights *op) |
| Enumerates rights assigned to a given account. | |
| int | cac_LsaEnumTrustedDomains (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumTrustedDomains *op) |
| Enumerates the trusted domains in the LSA. | |
| int | cac_LsaOpenTrustedDomain (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenTrustedDomain *op) |
| Opens a trusted domain by SID. | |
| int | cac_LsaQueryTrustedDomainInfo (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaQueryTrustedDomainInfo *op) |
| Retrieves information a trusted domain. | |
| int | cac_LsaEnumPrivileges (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumPrivileges *op) |
| Enumerates the Privileges supported by the LSA. | |
| int | cac_LsaOpenAccount (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenAccount *op) |
| Opens a handle to an account in the LSA | |
| int | cac_LsaAddPrivileges (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaAddPrivileges *op) |
| Adds Privileges an account. | |
| int | cac_LsaRemovePrivileges (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaRemovePrivileges *op) |
| Removes a _specific_ set of privileges from an account | |
| int | cac_LsaClearPrivileges (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaClearPrivileges *op) |
| Removes ALL privileges from an account | |
| int | cac_LsaSetPrivileges (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaAddPrivileges *op) |
| Sets an accounts priviliges. | |
| int | cac_LsaGetSecurityObject (CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaGetSecurityObject *op) |
| Retrieves Security Descriptor information about the LSA | |
| int cac_LsaOpenPolicy | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaOpenPolicy * | op | |||
| ) |
Opens a policy handle on a remote machine.
| hnd | fully initialized CacServerHandle for remote machine | |
| mem_ctx | Talloc context for memory allocation | |
| op | Initialized parameters |
CAC_SUCCESS if the policy could be opened, the policy handle can be found
cac_lsarpc.c の 25 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・LsaOpenPolicy::access・cac_GetPipe()・cac_GetServer()・_SMBCSRV::cli・cli_rpc_pipe_open_noauth()・CacServerHandleInternal::ctx・errno・LsaOpenPolicy::in・LsaOpenPolicy::out・CacServerHandleInternal::pipes・LsaOpenPolicy::pol・rpccli_lsa_open_policy()・rpccli_lsa_open_policy2()・LsaOpenPolicy::security_qos・CacServerHandleInternal::srv_level・_CACSERVERHANDLE::status.
参照元 cac_get_domain_sid().
00027 { 00028 SMBCSRV *srv = NULL; 00029 POLICY_HND *policy = NULL; 00030 struct rpc_pipe_client *pipe_hnd = NULL; 00031 00032 if ( !hnd ) 00033 return CAC_FAILURE; 00034 00035 if ( !hnd->_internal.ctx ) { 00036 hnd->status = NT_STATUS_INVALID_HANDLE; 00037 return CAC_FAILURE; 00038 } 00039 00040 if ( !mem_ctx || !op ) { 00041 hnd->status = NT_STATUS_INVALID_PARAMETER; 00042 return CAC_FAILURE; 00043 } 00044 00045 op->out.pol = NULL; 00046 00047 srv = cac_GetServer( hnd ); 00048 if ( !srv ) { 00049 hnd->status = NT_STATUS_INVALID_CONNECTION; 00050 return CAC_FAILURE; 00051 } 00052 00053 /*see if there is already an active session on this pipe, if not then open one */ 00054 if ( !hnd->_internal.pipes[PI_LSARPC] ) { 00055 pipe_hnd = 00056 cli_rpc_pipe_open_noauth( srv->cli, PI_LSARPC, 00057 &hnd->status ); 00058 00059 if ( !pipe_hnd ) { 00060 hnd->status = NT_STATUS_UNSUCCESSFUL; 00061 return CAC_FAILURE; 00062 } 00063 00064 hnd->_internal.pipes[PI_LSARPC] = True; 00065 } 00066 00067 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00068 if ( !pipe_hnd ) { 00069 hnd->status = NT_STATUS_INVALID_HANDLE; 00070 return CAC_FAILURE; 00071 } 00072 00073 policy = TALLOC_P( mem_ctx, POLICY_HND ); 00074 if ( !policy ) { 00075 errno = ENOMEM; 00076 hnd->status = NT_STATUS_NO_MEMORY; 00077 return CAC_FAILURE; 00078 } 00079 00080 /*need to make sure that our nt status is good otherwise check might fail below */ 00081 hnd->status = NT_STATUS_OK; 00082 00083 if ( hnd->_internal.srv_level >= SRV_WIN_2K ) { 00084 00085 /*try using open_policy2, if this fails try again in next block using open_policy, if that works then adjust hnd->_internal.srv_level */ 00086 00087 /*we shouldn't need to modify the access mask to make it work here */ 00088 hnd->status = 00089 rpccli_lsa_open_policy2( pipe_hnd, mem_ctx, 00090 op->in.security_qos, 00091 op->in.access, policy ); 00092 00093 } 00094 00095 if ( hnd->_internal.srv_level < SRV_WIN_2K 00096 || !NT_STATUS_IS_OK( hnd->status ) ) { 00097 hnd->status = 00098 rpccli_lsa_open_policy( pipe_hnd, mem_ctx, 00099 op->in.security_qos, 00100 op->in.access, policy ); 00101 00102 if ( hnd->_internal.srv_level > SRV_WIN_NT4 00103 && NT_STATUS_IS_OK( hnd->status ) ) { 00104 /*change the server level to 1 */ 00105 hnd->_internal.srv_level = SRV_WIN_NT4; 00106 } 00107 00108 } 00109 00110 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00111 return CAC_FAILURE; 00112 } 00113 00114 op->out.pol = policy; 00115 00116 return CAC_SUCCESS; 00117 }
| int cac_LsaClosePolicy | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| POLICY_HND * | pol | |||
| ) |
Closes an LSA policy handle (Retrieved using cac_LsaOpenPolicy).
If successful, the handle will be closed on the server, and memory for pol will be freed
| hnd | - An initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| pol | - the policy handle to close |
CAC_SUCCESS the policy handle was closed
cac_lsarpc.c の 119 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・CacServerHandleInternal::pipes・pol・rpccli_lsa_close()・_CACSERVERHANDLE::status.
参照元 cac_get_domain_sid().
00121 { 00122 00123 struct rpc_pipe_client *pipe_hnd = NULL; 00124 00125 if ( !hnd ) 00126 return CAC_FAILURE; 00127 00128 if ( !pol ) 00129 return CAC_SUCCESS; /*if the policy handle doesnt exist then it's already closed */ 00130 00131 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00132 hnd->status = NT_STATUS_INVALID_HANDLE; 00133 return CAC_FAILURE; 00134 } 00135 00136 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00137 if ( !pipe_hnd ) { 00138 hnd->status = NT_STATUS_INVALID_HANDLE; 00139 return CAC_FAILURE; 00140 } 00141 00142 hnd->status = rpccli_lsa_close( pipe_hnd, mem_ctx, pol ); 00143 00144 TALLOC_FREE( pol ); 00145 00146 if ( !NT_STATUS_IS_OK( hnd->status ) ) 00147 return CAC_FAILURE; 00148 00149 return CAC_SUCCESS; 00150 }
| int cac_LsaGetNamesFromSids | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaGetNamesFromSids * | op | |||
| ) |
Looks up the names for a list of SIDS
| hnd | initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | input and output parameters |
CAC_SUCCESS all of the SIDs were translated and a list of names has been output
CAC_PARTIAL_SUCCESS not all of the SIDs were translated, as a result the number of returned names is less than the original list of SIDs
cac_lsarpc.c の 152 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・_CACSIDINFO::domain・errno・LsaGetNamesFromSids::in・_CACSIDINFO::name・LsaGetNamesFromSids::num_found・LsaGetNamesFromSids::num_sids・LsaGetNamesFromSids::out・CacServerHandleInternal::pipes・LsaGetNamesFromSids::pol・result・rpccli_lsa_lookup_sids()・LsaGetNamesFromSids::sids・_CACSERVERHANDLE::status・LsaGetNamesFromSids::unknown.
00154 { 00155 struct rpc_pipe_client *pipe_hnd = NULL; 00156 00157 int result = -1; 00158 00159 int i; 00160 00161 /*buffers for outputs */ 00162 char **domains = NULL; 00163 char **names = NULL; 00164 enum lsa_SidType *types = NULL; 00165 00166 CacSidInfo *sids_out = NULL; 00167 DOM_SID *unknown_out = NULL; 00168 int num_unknown = 0; 00169 00170 int num_sids; 00171 00172 int found_idx; 00173 int unknown_idx; 00174 00175 if ( !hnd ) 00176 return CAC_FAILURE; 00177 00178 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00179 hnd->status = NT_STATUS_INVALID_HANDLE; 00180 return CAC_FAILURE; 00181 } 00182 00183 if ( !mem_ctx || !op || !op->in.pol || !op->in.sids ) { 00184 hnd->status = NT_STATUS_INVALID_PARAMETER; 00185 return CAC_FAILURE; 00186 } 00187 00188 num_sids = op->in.num_sids; 00189 00190 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00191 if ( !pipe_hnd ) { 00192 hnd->status = NT_STATUS_INVALID_HANDLE; 00193 return CAC_FAILURE; 00194 } 00195 00196 00197 00198 /*now actually lookup the names */ 00199 hnd->status = 00200 rpccli_lsa_lookup_sids( pipe_hnd, mem_ctx, op->in.pol, 00201 op->in.num_sids, op->in.sids, 00202 &domains, &names, &types ); 00203 00204 if ( NT_STATUS_IS_OK( hnd->status ) ) { 00205 /*this is the easy part, just make the out.sids array */ 00206 if (num_sids) { 00207 sids_out = TALLOC_ARRAY( mem_ctx, CacSidInfo, num_sids ); 00208 if ( !sids_out ) { 00209 errno = ENOMEM; 00210 hnd->status = NT_STATUS_NO_MEMORY; 00211 return CAC_FAILURE; 00212 } 00213 } else { 00214 sids_out = NULL; 00215 } 00216 00217 for ( i = 0; i < num_sids; i++ ) { 00218 sids_out[i].sid = op->in.sids[i]; 00219 sids_out[i].name = names[i]; 00220 sids_out[i].domain = domains[i]; 00221 } 00222 00223 result = CAC_SUCCESS; 00224 } else if ( NT_STATUS_V( hnd->status ) == 00225 NT_STATUS_V( STATUS_SOME_UNMAPPED ) ) { 00226 /*first find out how many couldn't be looked up */ 00227 00228 for ( i = 0; i < num_sids; i++ ) { 00229 if ( names[i] == NULL ) { 00230 num_unknown++; 00231 } 00232 } 00233 00234 if ( num_unknown >= num_sids ) { 00235 hnd->status = NT_STATUS_UNSUCCESSFUL; 00236 return CAC_FAILURE; 00237 } 00238 00239 if ( num_sids - num_unknown) { 00240 sids_out = 00241 TALLOC_ARRAY( mem_ctx, CacSidInfo, 00242 ( num_sids - num_unknown ) ); 00243 if ( !sids_out ) { 00244 errno = ENOMEM; 00245 hnd->status = NT_STATUS_NO_MEMORY; 00246 return CAC_FAILURE; 00247 } 00248 } else { 00249 sids_out = NULL; 00250 } 00251 00252 if (num_unknown) { 00253 unknown_out = TALLOC_ARRAY( mem_ctx, DOM_SID, num_unknown ); 00254 if ( !unknown_out ) { 00255 errno = ENOMEM; 00256 hnd->status = NT_STATUS_NO_MEMORY; 00257 return CAC_FAILURE; 00258 } 00259 } else { 00260 unknown_out = NULL; 00261 } 00262 found_idx = unknown_idx = 0; 00263 00264 /*now we can actually do the real work */ 00265 for ( i = 0; i < num_sids; i++ ) { 00266 if ( names[i] != NULL ) { 00267 sids_out[found_idx].sid = op->in.sids[i]; 00268 sids_out[found_idx].name = names[i]; 00269 sids_out[found_idx].domain = domains[i]; 00270 00271 found_idx++; 00272 } else { /*then this one didnt work out */ 00273 unknown_out[unknown_idx] = op->in.sids[i]; 00274 00275 unknown_idx++; 00276 } 00277 } 00278 00279 result = CAC_PARTIAL_SUCCESS; 00280 } else { /*then it failed for some reason */ 00281 return CAC_FAILURE; 00282 } 00283 00284 op->out.num_found = num_sids - num_unknown; 00285 op->out.sids = sids_out; 00286 op->out.unknown = unknown_out; 00287 00288 return result; 00289 00290 }
| int cac_LsaGetSidsFromNames | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaGetSidsFromNames * | op | |||
| ) |
Looks up the SIDs for a list of names
| hnd | initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | input and output parameters |
CAC_SUCCESS all of the SIDs were translated and a list of names has been output
CAC_PARTIAL_SUCCESS not all of the SIDs were translated, as a result the number of returned names is less than the original list of SIDs
cac_lsarpc.c の 292 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・_CACSIDINFO::domain・errno・LsaGetSidsFromNames::in・_CACSIDINFO::name・LsaGetSidsFromNames::names・LsaGetSidsFromNames::num_found・LsaGetSidsFromNames::num_names・LsaGetSidsFromNames::out・CacServerHandleInternal::pipes・LsaGetSidsFromNames::pol・result・rpccli_lsa_lookup_names()・SID_NAME_UNKNOWN・LsaGetSidsFromNames::sids・_CACSERVERHANDLE::status・talloc_strdup()・LsaGetSidsFromNames::unknown.
00294 { 00295 struct rpc_pipe_client *pipe_hnd = NULL; 00296 int result = -1; 00297 00298 int i; 00299 00300 /*buffers for outputs */ 00301 DOM_SID *sids = NULL; 00302 enum lsa_SidType *types = NULL; 00303 00304 CacSidInfo *sids_out = NULL; 00305 char **unknown_out = NULL; 00306 int num_unknown = 0; 00307 00308 int num_names; 00309 00310 int found_idx = 0; 00311 int unknown_idx = 0; 00312 00313 if ( !hnd ) 00314 return CAC_FAILURE; 00315 00316 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00317 hnd->status = NT_STATUS_INVALID_HANDLE; 00318 return CAC_FAILURE; 00319 } 00320 00321 if ( !mem_ctx || !op || !op->in.pol || !op->in.names ) { 00322 hnd->status = NT_STATUS_INVALID_PARAMETER; 00323 return CAC_FAILURE; 00324 } 00325 00326 num_names = op->in.num_names; 00327 00328 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00329 if ( !pipe_hnd ) { 00330 hnd->status = NT_STATUS_INVALID_HANDLE; 00331 return CAC_FAILURE; 00332 } 00333 00334 00335 /*now actually lookup the names */ 00336 hnd->status = 00337 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, op->in.pol, 00338 num_names, 00339 ( const char ** ) op->in.names, NULL, 00340 &sids, &types ); 00341 00342 if ( NT_STATUS_IS_OK( hnd->status ) ) { 00343 /*this is the easy part, just make the out.sids array */ 00344 if (num_names) { 00345 sids_out = TALLOC_ARRAY( mem_ctx, CacSidInfo, num_names ); 00346 if ( !sids_out ) { 00347 errno = ENOMEM; 00348 hnd->status = NT_STATUS_NO_MEMORY; 00349 return CAC_FAILURE; 00350 } 00351 } else { 00352 sids_out = NULL; 00353 } 00354 00355 for ( i = 0; i < num_names; i++ ) { 00356 sids_out[i].sid = sids[i]; 00357 sids_out[i].name = 00358 talloc_strdup( mem_ctx, op->in.names[i] ); 00359 sids_out[i].domain = NULL; 00360 } 00361 00362 result = CAC_SUCCESS; 00363 } else if ( NT_STATUS_V( hnd->status ) == 00364 NT_STATUS_V( STATUS_SOME_UNMAPPED ) ) { 00365 /*first find out how many couldn't be looked up */ 00366 00367 for ( i = 0; i < num_names; i++ ) { 00368 if ( types[i] == SID_NAME_UNKNOWN ) { 00369 num_unknown++; 00370 } 00371 } 00372 00373 if ( num_unknown >= num_names ) { 00374 hnd->status = NT_STATUS_UNSUCCESSFUL; 00375 return CAC_FAILURE; 00376 } 00377 00378 if (num_names - num_unknown) { 00379 sids_out = 00380 TALLOC_ARRAY( mem_ctx, CacSidInfo, 00381 ( num_names - num_unknown ) ); 00382 if ( !sids_out ) { 00383 errno = ENOMEM; 00384 hnd->status = NT_STATUS_NO_MEMORY; 00385 return CAC_FAILURE; 00386 } 00387 } else { 00388 sids_out = NULL; 00389 } 00390 00391 if (num_unknown) { 00392 unknown_out = TALLOC_ARRAY( mem_ctx, char *, num_unknown ); 00393 if ( !unknown_out ) { 00394 errno = ENOMEM; 00395 hnd->status = NT_STATUS_NO_MEMORY; 00396 return CAC_FAILURE; 00397 } 00398 } else { 00399 unknown_out = NULL; 00400 } 00401 00402 unknown_idx = found_idx = 0; 00403 00404 /*now we can actually do the real work */ 00405 for ( i = 0; i < num_names; i++ ) { 00406 if ( types[i] != SID_NAME_UNKNOWN ) { 00407 sids_out[found_idx].sid = sids[i]; 00408 sids_out[found_idx].name = 00409 talloc_strdup( mem_ctx, 00410 op->in.names[i] ); 00411 sids_out[found_idx].domain = NULL; 00412 00413 found_idx++; 00414 } else { /*then this one didnt work out */ 00415 unknown_out[unknown_idx] = 00416 talloc_strdup( mem_ctx, 00417 op->in.names[i] ); 00418 00419 unknown_idx++; 00420 } 00421 } 00422 00423 result = CAC_PARTIAL_SUCCESS; 00424 } else { /*then it failed for some reason */ 00425 return CAC_FAILURE; 00426 } 00427 00428 op->out.num_found = num_names - num_unknown; 00429 op->out.sids = sids_out; 00430 op->out.unknown = unknown_out; 00431 00432 return result; 00433 00434 }
| int cac_LsaFetchSid | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaFetchSid * | op | |||
| ) |
Looks up the domain or local sid of a machine with an open LSA policy handle
| hnd | initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | input and output parameters |
CAC_SUCCESS if the SID was fetched
CAC_PARTIAL_SUCCESS if you asked for both local and domain sids but only one was returned
cac_lsarpc.c の 436 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・rpc_pipe_client::domain・_CACSIDINFO::domain・LsaFetchSid::domain_sid・domain_sid・LsaFetchSid::in・LsaFetchSid::info_class・LsaFetchSid::local_sid・LsaFetchSid::out・CacServerHandleInternal::pipes・LsaFetchSid::pol・result・rpccli_lsa_query_info_policy()・_CACSIDINFO::sid・sid_copy()・_CACSERVERHANDLE::status.
参照元 cac_get_domain_sid().
00438 { 00439 struct rpc_pipe_client *pipe_hnd = NULL; 00440 int result = -1; 00441 00442 if ( !hnd ) 00443 return CAC_FAILURE; 00444 00445 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00446 hnd->status = NT_STATUS_INVALID_HANDLE; 00447 return CAC_FAILURE; 00448 } 00449 00450 if ( !mem_ctx || !op || !op->in.pol ) { 00451 hnd->status = NT_STATUS_INVALID_PARAMETER; 00452 return CAC_FAILURE; 00453 } 00454 00455 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00456 if ( !pipe_hnd ) { 00457 hnd->status = NT_STATUS_INVALID_HANDLE; 00458 return CAC_FAILURE; 00459 } 00460 00461 op->out.local_sid = NULL; 00462 op->out.domain_sid = NULL; 00463 00464 if ( ( op->in.info_class & CAC_LOCAL_INFO ) == CAC_LOCAL_INFO ) { 00465 DOM_SID *local_sid = NULL; 00466 char *dom_name = NULL; 00467 00468 hnd->status = 00469 rpccli_lsa_query_info_policy( pipe_hnd, mem_ctx, 00470 op->in.pol, 00471 CAC_LOCAL_INFO, 00472 &dom_name, &local_sid ); 00473 00474 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00475 result = CAC_FAILURE; 00476 goto domain; 00477 } 00478 00479 op->out.local_sid = talloc( mem_ctx, CacSidInfo ); 00480 if ( !op->out.local_sid ) { 00481 hnd->status = NT_STATUS_NO_MEMORY; 00482 result = CAC_FAILURE; 00483 goto domain; 00484 } 00485 00486 op->out.local_sid->domain = dom_name; 00487 00488 sid_copy( &op->out.local_sid->sid, local_sid ); 00489 TALLOC_FREE( local_sid ); 00490 } 00491 00492 domain: 00493 00494 if ( ( op->in.info_class & CAC_DOMAIN_INFO ) == CAC_DOMAIN_INFO ) { 00495 DOM_SID *domain_sid; 00496 char *dom_name; 00497 00498 hnd->status = 00499 rpccli_lsa_query_info_policy( pipe_hnd, mem_ctx, 00500 op->in.pol, 00501 CAC_DOMAIN_INFO, 00502 &dom_name, 00503 &domain_sid ); 00504 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00505 /*if we succeeded above, report partial success */ 00506 result = CAC_FAILURE; 00507 goto done; 00508 } else if ( result == CAC_FAILURE ) { 00509 /*if we failed above but succeded here then report partial success */ 00510 result = CAC_PARTIAL_SUCCESS; 00511 } 00512 00513 op->out.domain_sid = talloc( mem_ctx, CacSidInfo ); 00514 if ( !op->out.domain_sid ) { 00515 hnd->status = NT_STATUS_NO_MEMORY; 00516 result = CAC_FAILURE; 00517 goto done; 00518 } 00519 00520 op->out.domain_sid->domain = dom_name; 00521 sid_copy( &op->out.domain_sid->sid, domain_sid ); 00522 TALLOC_FREE( domain_sid ); 00523 } 00524 00525 done: 00526 return result; 00527 }
| int cac_LsaQueryInfoPolicy | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaQueryInfoPolicy * | op | |||
| ) |
Retrieves information about the LSA machine/domain
| hnd | initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | input and output parameters Note: for pre-Windows 2000 machines, only op->out.SID and op->out.domain will be set. |
CAC_SUCCESS the operation was successful.
cac_lsarpc.c の 529 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaQueryInfoPolicy::dns_name・LsaQueryInfoPolicy::domain_guid・domain_name・LsaQueryInfoPolicy::domain_name・domain_sid・LsaQueryInfoPolicy::domain_sid・LsaQueryInfoPolicy::forest_name・LsaQueryInfoPolicy::in・LsaQueryInfoPolicy::out・CacServerHandleInternal::pipes・LsaQueryInfoPolicy::pol・rpccli_lsa_query_info_policy2()・_CACSERVERHANDLE::status.
00531 { 00532 struct rpc_pipe_client *pipe_hnd = NULL; 00533 00534 char *domain_name = NULL; 00535 char *dns_name = NULL; 00536 char *forest_name = NULL; 00537 struct GUID *domain_guid = NULL; 00538 DOM_SID *domain_sid = NULL; 00539 00540 if ( !hnd ) 00541 return CAC_FAILURE; 00542 00543 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00544 hnd->status = NT_STATUS_INVALID_HANDLE; 00545 return CAC_FAILURE; 00546 } 00547 00548 if ( !op || !op->in.pol ) { 00549 hnd->status = NT_STATUS_INVALID_PARAMETER; 00550 return CAC_FAILURE; 00551 } 00552 00553 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00554 if ( !pipe_hnd ) { 00555 hnd->status = NT_STATUS_INVALID_HANDLE; 00556 return CAC_FAILURE; 00557 } 00558 00559 /*only works if info_class parm is 12 */ 00560 hnd->status = 00561 rpccli_lsa_query_info_policy2( pipe_hnd, mem_ctx, op->in.pol, 00562 12, &domain_name, &dns_name, 00563 &forest_name, &domain_guid, 00564 &domain_sid ); 00565 00566 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00567 return CAC_FAILURE; 00568 } 00569 00570 op->out.domain_name = domain_name; 00571 op->out.dns_name = dns_name; 00572 op->out.forest_name = forest_name; 00573 op->out.domain_guid = domain_guid; 00574 op->out.domain_sid = domain_sid; 00575 00576 return CAC_SUCCESS; 00577 }
| int cac_LsaEnumSids | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaEnumSids * | op | |||
| ) |
Enumerates the SIDs in the LSA.
Can be enumerated in blocks by calling the function multiple times. Example: while(cac_LsaEnumSids(hnd, mem_ctx, op) { ... }
| hnd | - An initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | Initialized parameters |
CAC_SUCCESS the operation completed and results were returned
cac_lsarpc.c の 579 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaEnumSids::in・LsaEnumSids::num_sids・LsaEnumSids::out・CacServerHandleInternal::pipes・LsaEnumSids::pol・LsaEnumSids::pref_max_sids・LsaEnumSids::resume_idx・rpccli_lsa_enum_sids()・LsaEnumSids::sids・_CACSERVERHANDLE::status.
00581 { 00582 struct rpc_pipe_client *pipe_hnd = NULL; 00583 00584 uint32 num_sids; 00585 DOM_SID *sids; 00586 00587 if ( !hnd ) 00588 return CAC_FAILURE; 00589 00590 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00591 hnd->status = NT_STATUS_INVALID_HANDLE; 00592 return CAC_FAILURE; 00593 } 00594 00595 if ( !op || !op->in.pol ) { 00596 hnd->status = NT_STATUS_INVALID_PARAMETER; 00597 return CAC_FAILURE; 00598 } 00599 00600 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00601 if ( !pipe_hnd ) { 00602 hnd->status = NT_STATUS_INVALID_HANDLE; 00603 return CAC_FAILURE; 00604 } 00605 00606 hnd->status = 00607 rpccli_lsa_enum_sids( pipe_hnd, mem_ctx, op->in.pol, 00608 &( op->out.resume_idx ), 00609 op->in.pref_max_sids, &num_sids, 00610 &sids ); 00611 00612 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00613 return CAC_FAILURE; 00614 } 00615 00616 op->out.num_sids = num_sids; 00617 op->out.sids = sids; 00618 00619 return CAC_SUCCESS; 00620 00621 }
| int cac_LsaEnumAccountRights | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaEnumAccountRights * | op | |||
| ) |
Enumerates rights assigned to a given account.
Takes a SID instead of account handle as input
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS the operation was successful.
cac_lsarpc.c の 623 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaEnumAccountRights::in・LsaEnumAccountRights::name・name・LsaEnumAccountRights::num_privs・LsaEnumAccountRights::out・CacServerHandleInternal::pipes・LsaEnumAccountRights::pol・LsaEnumAccountRights::priv_names・privs・rpccli_lsa_enum_account_rights()・rpccli_lsa_lookup_names()・LsaEnumAccountRights::sid・_CACSERVERHANDLE::status・type.
00625 { 00626 struct rpc_pipe_client *pipe_hnd = NULL; 00627 00628 uint32 count = 0; 00629 char **privs = NULL; 00630 00631 if ( !hnd ) 00632 return CAC_FAILURE; 00633 00634 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00635 hnd->status = NT_STATUS_INVALID_HANDLE; 00636 return CAC_FAILURE; 00637 } 00638 00639 if ( !op->in.pol ) { 00640 hnd->status = NT_STATUS_INVALID_PARAMETER; 00641 return CAC_FAILURE; 00642 } 00643 00644 if ( !op->in.name && !op->in.sid ) { 00645 hnd->status = NT_STATUS_INVALID_PARAMETER; 00646 return CAC_FAILURE; 00647 } 00648 00649 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00650 if ( !pipe_hnd ) { 00651 hnd->status = NT_STATUS_INVALID_HANDLE; 00652 return CAC_FAILURE; 00653 } 00654 00655 if ( op->in.name && !op->in.sid ) { 00656 DOM_SID *user_sid = NULL; 00657 enum lsa_SidType *type; 00658 00659 /*lookup the SID */ 00660 hnd->status = 00661 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, 00662 op->in.pol, 1, 00663 ( const char ** ) &( op->in. 00664 name ), 00665 NULL, &user_sid, &type ); 00666 00667 if ( !NT_STATUS_IS_OK( hnd->status ) ) 00668 return CAC_FAILURE; 00669 00670 op->in.sid = user_sid; 00671 } 00672 00673 hnd->status = 00674 rpccli_lsa_enum_account_rights( pipe_hnd, mem_ctx, op->in.pol, 00675 op->in.sid, &count, &privs ); 00676 00677 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00678 return CAC_FAILURE; 00679 } 00680 00681 op->out.num_privs = count; 00682 op->out.priv_names = privs; 00683 00684 return CAC_SUCCESS; 00685 }
| int cac_LsaEnumTrustedDomains | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaEnumTrustedDomains * | op | |||
| ) |
Enumerates the trusted domains in the LSA.
| hnd | - An initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | - initialized parameters |
CAC_SUCCESS the operation completed and results were returned
cac_lsarpc.c の 687 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaEnumTrustedDomains::domain_names・LsaEnumTrustedDomains::domain_sids・LsaEnumTrustedDomains::in・num_domains・LsaEnumTrustedDomains::num_domains・LsaEnumTrustedDomains::out・CacServerHandleInternal::pipes・LsaEnumTrustedDomains::pol・LsaEnumTrustedDomains::resume_idx・rpccli_lsa_enum_trust_dom()・_CACSERVERHANDLE::status.
00689 { 00690 struct rpc_pipe_client *pipe_hnd; 00691 00692 uint32 num_domains; 00693 char **domain_names; 00694 DOM_SID *domain_sids; 00695 00696 if ( !hnd ) 00697 return CAC_FAILURE; 00698 00699 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00700 hnd->status = NT_STATUS_INVALID_HANDLE; 00701 return CAC_FAILURE; 00702 } 00703 00704 if ( !op->in.pol ) { 00705 hnd->status = NT_STATUS_INVALID_PARAMETER; 00706 return CAC_FAILURE; 00707 } 00708 00709 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00710 if ( !pipe_hnd ) { 00711 hnd->status = NT_STATUS_INVALID_HANDLE; 00712 return CAC_FAILURE; 00713 } 00714 00715 hnd->status = 00716 rpccli_lsa_enum_trust_dom( pipe_hnd, mem_ctx, op->in.pol, 00717 &( op->out.resume_idx ), 00718 &num_domains, &domain_names, 00719 &domain_sids ); 00720 00721 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00722 return CAC_FAILURE; 00723 } 00724 00725 op->out.num_domains = num_domains; 00726 op->out.domain_names = domain_names; 00727 op->out.domain_sids = domain_sids; 00728 00729 return CAC_SUCCESS; 00730 }
| int cac_LsaOpenTrustedDomain | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaOpenTrustedDomain * | op | |||
| ) |
Opens a trusted domain by SID.
| hnd | An initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | initialized I/O parameters |
CAC_SUCCESS the domain was opened successfully
cac_lsarpc.c の 732 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・LsaOpenTrustedDomain::access・cac_GetPipe()・CacServerHandleInternal::ctx・LsaOpenTrustedDomain::domain_pol・LsaOpenTrustedDomain::domain_sid・errno・LsaOpenTrustedDomain::in・LsaOpenTrustedDomain::out・CacServerHandleInternal::pipes・LsaOpenTrustedDomain::pol・rpccli_lsa_open_trusted_domain()・_CACSERVERHANDLE::status.
00734 { 00735 struct rpc_pipe_client *pipe_hnd = NULL; 00736 00737 POLICY_HND *dom_pol = NULL; 00738 00739 if ( !hnd ) 00740 return CAC_FAILURE; 00741 00742 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00743 hnd->status = NT_STATUS_INVALID_HANDLE; 00744 return CAC_FAILURE; 00745 } 00746 00747 if ( !op->in.pol || !op->in.access || !op->in.domain_sid ) { 00748 hnd->status = NT_STATUS_INVALID_PARAMETER; 00749 return CAC_FAILURE; 00750 } 00751 00752 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00753 if ( !pipe_hnd ) { 00754 hnd->status = NT_STATUS_INVALID_HANDLE; 00755 return CAC_FAILURE; 00756 } 00757 00758 dom_pol = talloc( mem_ctx, POLICY_HND ); 00759 if ( !dom_pol ) { 00760 hnd->status = NT_STATUS_NO_MEMORY; 00761 errno = ENOMEM; 00762 return CAC_FAILURE; 00763 } 00764 00765 hnd->status = 00766 rpccli_lsa_open_trusted_domain( pipe_hnd, mem_ctx, op->in.pol, 00767 op->in.domain_sid, 00768 op->in.access, dom_pol ); 00769 00770 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00771 return CAC_FAILURE; 00772 } 00773 00774 op->out.domain_pol = dom_pol; 00775 00776 return CAC_SUCCESS; 00777 }
| int cac_LsaQueryTrustedDomainInfo | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaQueryTrustedDomainInfo * | op | |||
| ) |
Retrieves information a trusted domain.
| hnd | An initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | initialized I/O parameters |
CAC_SUCCESS the domain was opened successfully
cac_lsarpc.c の 779 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaQueryTrustedDomainInfo::domain_name・LsaQueryTrustedDomainInfo::domain_sid・domain_sid・LsaQueryTrustedDomainInfo::in・LsaQueryTrustedDomainInfo::info・LsaQueryTrustedDomainInfo::info_class・LsaQueryTrustedDomainInfo::out・CacServerHandleInternal::pipes・LsaQueryTrustedDomainInfo::pol・pol・rpccli_lsa_query_trusted_domain_info_by_name()・rpccli_lsa_query_trusted_domain_info_by_sid()・_CACSERVERHANDLE::status.
00782 { 00783 struct rpc_pipe_client *pipe_hnd = NULL; 00784 00785 LSA_TRUSTED_DOMAIN_INFO *dom_info; 00786 00787 if ( !hnd ) 00788 return CAC_FAILURE; 00789 00790 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00791 hnd->status = NT_STATUS_INVALID_HANDLE; 00792 return CAC_FAILURE; 00793 } 00794 00795 if ( !op->in.pol || !op->in.info_class ) { 00796 hnd->status = NT_STATUS_INVALID_PARAMETER; 00797 return CAC_FAILURE; 00798 } 00799 00800 if ( !op->in.domain_sid && !op->in.domain_name ) { 00801 hnd->status = NT_STATUS_INVALID_PARAMETER; 00802 return CAC_FAILURE; 00803 } 00804 00805 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00806 if ( !pipe_hnd ) { 00807 hnd->status = NT_STATUS_INVALID_HANDLE; 00808 return CAC_FAILURE; 00809 } 00810 00811 if ( op->in.domain_sid ) { 00812 hnd->status = 00813 rpccli_lsa_query_trusted_domain_info_by_sid( pipe_hnd, 00814 mem_ctx, 00815 op->in. 00816 pol, 00817 op->in. 00818 info_class, 00819 op->in. 00820 domain_sid, 00821 &dom_info ); 00822 } else if ( op->in.domain_name ) { 00823 hnd->status = 00824 rpccli_lsa_query_trusted_domain_info_by_name 00825 ( pipe_hnd, mem_ctx, op->in.pol, op->in.info_class, 00826 op->in.domain_name, &dom_info ); 00827 } 00828 00829 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00830 return CAC_FAILURE; 00831 } 00832 00833 op->out.info = dom_info; 00834 00835 return CAC_SUCCESS; 00836 00837 }
| int cac_LsaEnumPrivileges | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaEnumPrivileges * | op | |||
| ) |
Enumerates the Privileges supported by the LSA.
Can be enumerated in blocks by calling the function multiple times. Example: while(cac_LsaEnumPrivileges(hnd, mem_ctx, op) { ... }
| hnd | An initialized and connected server handle | |
| mem_ctx | Talloc context for memory allocation | |
| op | Initialized parameters |
CAC_SUCCESS the operation completed and results were returned
cac_lsarpc.c の 839 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaEnumPrivileges::high_bits・LsaEnumPrivileges::in・LsaEnumPrivileges::low_bits・LsaEnumPrivileges::num_privs・LsaEnumPrivileges::out・CacServerHandleInternal::pipes・LsaEnumPrivileges::pol・LsaEnumPrivileges::pref_max_privs・LsaEnumPrivileges::priv_names・LsaEnumPrivileges::resume_idx・rpccli_lsa_enum_privilege()・_CACSERVERHANDLE::status.
00841 { 00842 struct rpc_pipe_client *pipe_hnd = NULL; 00843 00844 uint32 num_privs; 00845 char **priv_names; 00846 uint32 *high_bits; 00847 uint32 *low_bits; 00848 00849 if ( !hnd ) { 00850 return CAC_FAILURE; 00851 } 00852 00853 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00854 hnd->status = NT_STATUS_INVALID_HANDLE; 00855 return CAC_FAILURE; 00856 } 00857 00858 if ( !op || !op->in.pol ) { 00859 hnd->status = NT_STATUS_INVALID_PARAMETER; 00860 return CAC_FAILURE; 00861 } 00862 00863 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00864 if ( !pipe_hnd ) { 00865 hnd->status = NT_STATUS_INVALID_HANDLE; 00866 return CAC_FAILURE; 00867 } 00868 00869 hnd->status = 00870 rpccli_lsa_enum_privilege( pipe_hnd, mem_ctx, op->in.pol, 00871 &( op->out.resume_idx ), 00872 op->in.pref_max_privs, &num_privs, 00873 &priv_names, &high_bits, 00874 &low_bits ); 00875 00876 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00877 return CAC_FAILURE; 00878 } 00879 00880 op->out.num_privs = num_privs; 00881 op->out.priv_names = priv_names; 00882 op->out.high_bits = high_bits; 00883 op->out.low_bits = low_bits; 00884 00885 return CAC_SUCCESS; 00886 }
| int cac_LsaOpenAccount | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaOpenAccount * | op | |||
| ) |
Opens a handle to an account in the LSA
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS the account was opened
cac_lsarpc.c の 888 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・LsaOpenAccount::access・cac_GetPipe()・CacServerHandleInternal::ctx・LsaOpenAccount::in・LsaOpenAccount::name・name・LsaOpenAccount::out・CacServerHandleInternal::pipes・LsaOpenAccount::pol・rpccli_lsa_lookup_names()・rpccli_lsa_open_account()・LsaOpenAccount::sid・_CACSERVERHANDLE::status・type・LsaOpenAccount::user.
00890 { 00891 struct rpc_pipe_client *pipe_hnd = NULL; 00892 00893 POLICY_HND *user_pol = NULL; 00894 00895 if ( !hnd ) { 00896 return CAC_FAILURE; 00897 } 00898 00899 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00900 hnd->status = NT_STATUS_INVALID_HANDLE; 00901 return CAC_FAILURE; 00902 } 00903 00904 if ( !op || !op->in.pol ) { 00905 hnd->status = NT_STATUS_INVALID_PARAMETER; 00906 return CAC_FAILURE; 00907 } 00908 00909 if ( !op->in.sid && !op->in.name ) { 00910 hnd->status = NT_STATUS_INVALID_PARAMETER; 00911 return CAC_FAILURE; 00912 } 00913 00914 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00915 if ( !pipe_hnd ) { 00916 hnd->status = NT_STATUS_INVALID_HANDLE; 00917 return CAC_FAILURE; 00918 } 00919 00920 /*look up the user's SID if we have to */ 00921 if ( op->in.name && !op->in.sid ) { 00922 DOM_SID *user_sid = NULL; 00923 enum lsa_SidType *type; 00924 00925 /*lookup the SID */ 00926 hnd->status = 00927 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, 00928 op->in.pol, 1, 00929 ( const char ** ) &( op->in. 00930 name ), 00931 NULL, &user_sid, &type ); 00932 00933 if ( !NT_STATUS_IS_OK( hnd->status ) ) 00934 return CAC_FAILURE; 00935 00936 op->in.sid = user_sid; 00937 } 00938 00939 user_pol = talloc( mem_ctx, POLICY_HND ); 00940 if ( !user_pol ) { 00941 hnd->status = NT_STATUS_NO_MEMORY; 00942 return CAC_FAILURE; 00943 } 00944 00945 hnd->status = 00946 rpccli_lsa_open_account( pipe_hnd, mem_ctx, op->in.pol, 00947 op->in.sid, op->in.access, 00948 user_pol ); 00949 00950 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 00951 TALLOC_FREE( user_pol ); 00952 return CAC_FAILURE; 00953 } 00954 00955 op->out.user = user_pol; 00956 00957 return CAC_SUCCESS; 00958 }
| int cac_LsaAddPrivileges | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaAddPrivileges * | op | |||
| ) |
Adds Privileges an account.
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS the privileges were set.
cac_lsarpc.c の 961 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaAddPrivileges::in・LsaAddPrivileges::name・name・LsaAddPrivileges::num_privs・CacServerHandleInternal::pipes・LsaAddPrivileges::pol・LsaAddPrivileges::priv_names・rpccli_lsa_add_account_rights()・rpccli_lsa_lookup_names()・LsaAddPrivileges::sid・_CACSERVERHANDLE::status・type.
00963 { 00964 struct rpc_pipe_client *pipe_hnd = NULL; 00965 00966 DOM_SID *user_sid = NULL; 00967 enum lsa_SidType *type = NULL; 00968 00969 if ( !hnd ) { 00970 return CAC_FAILURE; 00971 } 00972 00973 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 00974 hnd->status = NT_STATUS_INVALID_HANDLE; 00975 return CAC_FAILURE; 00976 } 00977 00978 if ( !op || !op->in.pol || !op->in.priv_names ) { 00979 hnd->status = NT_STATUS_INVALID_PARAMETER; 00980 return CAC_FAILURE; 00981 } 00982 00983 if ( !op->in.sid && !op->in.name ) { 00984 hnd->status = NT_STATUS_INVALID_PARAMETER; 00985 return CAC_FAILURE; 00986 } 00987 00988 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 00989 if ( !pipe_hnd ) { 00990 hnd->status = NT_STATUS_INVALID_HANDLE; 00991 return CAC_FAILURE; 00992 } 00993 00994 if ( op->in.name && !op->in.sid ) { 00995 /*lookup the SID */ 00996 hnd->status = 00997 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, 00998 op->in.pol, 1, 00999 ( const char ** ) &( op->in. 01000 name ), 01001 NULL, &user_sid, &type ); 01002 01003 if ( !NT_STATUS_IS_OK( hnd->status ) ) 01004 return CAC_FAILURE; 01005 01006 op->in.sid = user_sid; 01007 } 01008 01009 hnd->status = 01010 rpccli_lsa_add_account_rights( pipe_hnd, mem_ctx, op->in.pol, 01011 *( op->in.sid ), 01012 op->in.num_privs, 01013 ( const char ** ) op->in. 01014 priv_names ); 01015 01016 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 01017 return CAC_FAILURE; 01018 } 01019 01020 return CAC_SUCCESS; 01021 }
| int cac_LsaRemovePrivileges | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaRemovePrivileges * | op | |||
| ) |
Removes a _specific_ set of privileges from an account
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS the privileges were removed
cac_lsarpc.c の 1023 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaRemovePrivileges::in・LsaRemovePrivileges::name・name・LsaRemovePrivileges::num_privs・CacServerHandleInternal::pipes・LsaRemovePrivileges::pol・LsaRemovePrivileges::priv_names・rpccli_lsa_lookup_names()・rpccli_lsa_remove_account_rights()・LsaRemovePrivileges::sid・_CACSERVERHANDLE::status・type.
01025 { 01026 struct rpc_pipe_client *pipe_hnd = NULL; 01027 01028 DOM_SID *user_sid = NULL; 01029 enum lsa_SidType *type = NULL; 01030 01031 if ( !hnd ) { 01032 return CAC_FAILURE; 01033 } 01034 01035 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 01036 hnd->status = NT_STATUS_INVALID_HANDLE; 01037 return CAC_FAILURE; 01038 } 01039 01040 if ( !op || !op->in.pol || !op->in.priv_names ) { 01041 hnd->status = NT_STATUS_INVALID_PARAMETER; 01042 return CAC_FAILURE; 01043 } 01044 01045 if ( !op->in.sid && !op->in.name ) { 01046 hnd->status = NT_STATUS_INVALID_PARAMETER; 01047 return CAC_FAILURE; 01048 } 01049 01050 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 01051 if ( !pipe_hnd ) { 01052 hnd->status = NT_STATUS_INVALID_HANDLE; 01053 return CAC_FAILURE; 01054 } 01055 01056 if ( op->in.name && !op->in.sid ) { 01057 /*lookup the SID */ 01058 hnd->status = 01059 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, 01060 op->in.pol, 1, 01061 ( const char ** ) &( op->in. 01062 name ), 01063 NULL, &user_sid, &type ); 01064 01065 if ( !NT_STATUS_IS_OK( hnd->status ) ) 01066 return CAC_FAILURE; 01067 01068 op->in.sid = user_sid; 01069 } 01070 01071 hnd->status = 01072 rpccli_lsa_remove_account_rights( pipe_hnd, mem_ctx, 01073 op->in.pol, *( op->in.sid ), 01074 False, op->in.num_privs, 01075 ( const char ** ) op->in. 01076 priv_names ); 01077 01078 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 01079 return CAC_FAILURE; 01080 } 01081 01082 return CAC_SUCCESS; 01083 }
| int cac_LsaClearPrivileges | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaClearPrivileges * | op | |||
| ) |
Removes ALL privileges from an account
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS the opeartion was successful.
cac_lsarpc.c の 1085 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaClearPrivileges::in・LsaClearPrivileges::name・name・CacServerHandleInternal::pipes・LsaClearPrivileges::pol・rpccli_lsa_lookup_names()・rpccli_lsa_remove_account_rights()・LsaClearPrivileges::sid・_CACSERVERHANDLE::status・type.
01087 { 01088 struct rpc_pipe_client *pipe_hnd = NULL; 01089 01090 DOM_SID *user_sid = NULL; 01091 enum lsa_SidType *type = NULL; 01092 01093 if ( !hnd ) { 01094 return CAC_FAILURE; 01095 } 01096 01097 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 01098 hnd->status = NT_STATUS_INVALID_HANDLE; 01099 return CAC_FAILURE; 01100 } 01101 01102 if ( !op || !op->in.pol ) { 01103 hnd->status = NT_STATUS_INVALID_PARAMETER; 01104 return CAC_FAILURE; 01105 } 01106 01107 if ( !op->in.sid && !op->in.name ) { 01108 hnd->status = NT_STATUS_INVALID_PARAMETER; 01109 return CAC_FAILURE; 01110 } 01111 01112 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 01113 if ( !pipe_hnd ) { 01114 hnd->status = NT_STATUS_INVALID_HANDLE; 01115 return CAC_FAILURE; 01116 } 01117 01118 if ( op->in.name && !op->in.sid ) { 01119 /*lookup the SID */ 01120 hnd->status = 01121 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, 01122 op->in.pol, 1, 01123 ( const char ** ) &( op->in. 01124 name ), 01125 NULL, &user_sid, &type ); 01126 01127 if ( !NT_STATUS_IS_OK( hnd->status ) ) 01128 return CAC_FAILURE; 01129 01130 op->in.sid = user_sid; 01131 } 01132 01133 hnd->status = 01134 rpccli_lsa_remove_account_rights( pipe_hnd, mem_ctx, 01135 op->in.pol, *( op->in.sid ), 01136 True, 0, NULL ); 01137 01138 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 01139 return CAC_FAILURE; 01140 } 01141 01142 return CAC_SUCCESS; 01143 }
| int cac_LsaSetPrivileges | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaAddPrivileges * | op | |||
| ) |
Sets an accounts priviliges.
Removes all privileges and then adds specified privileges.
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS The operation completed successfully
cac_lsarpc.c の 1145 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaAddPrivileges::in・LsaAddPrivileges::name・name・LsaAddPrivileges::num_privs・CacServerHandleInternal::pipes・LsaAddPrivileges::pol・LsaAddPrivileges::priv_names・rpccli_lsa_add_account_rights()・rpccli_lsa_lookup_names()・rpccli_lsa_remove_account_rights()・LsaAddPrivileges::sid・_CACSERVERHANDLE::status・type.
01147 { 01148 struct rpc_pipe_client *pipe_hnd = NULL; 01149 01150 DOM_SID *user_sid = NULL; 01151 enum lsa_SidType *type = NULL; 01152 01153 if ( !hnd ) { 01154 return CAC_FAILURE; 01155 } 01156 01157 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 01158 hnd->status = NT_STATUS_INVALID_HANDLE; 01159 return CAC_FAILURE; 01160 } 01161 01162 if ( !op || !op->in.pol || !op->in.priv_names ) { 01163 hnd->status = NT_STATUS_INVALID_PARAMETER; 01164 return CAC_FAILURE; 01165 } 01166 01167 if ( !op->in.sid && !op->in.name ) { 01168 hnd->status = NT_STATUS_INVALID_PARAMETER; 01169 return CAC_FAILURE; 01170 } 01171 01172 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 01173 if ( !pipe_hnd ) { 01174 return CAC_FAILURE; 01175 } 01176 01177 if ( op->in.name && !op->in.sid ) { 01178 /*lookup the SID */ 01179 hnd->status = 01180 rpccli_lsa_lookup_names( pipe_hnd, mem_ctx, 01181 op->in.pol, 1, 01182 ( const char ** ) &( op->in. 01183 name ), 01184 NULL, &user_sid, &type ); 01185 01186 if ( !NT_STATUS_IS_OK( hnd->status ) ) 01187 return CAC_FAILURE; 01188 01189 op->in.sid = user_sid; 01190 } 01191 01192 /*first remove all privileges */ 01193 hnd->status = 01194 rpccli_lsa_remove_account_rights( pipe_hnd, mem_ctx, 01195 op->in.pol, *( op->in.sid ), 01196 True, 0, NULL ); 01197 01198 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 01199 return CAC_FAILURE; 01200 } 01201 01202 hnd->status = 01203 rpccli_lsa_add_account_rights( pipe_hnd, mem_ctx, op->in.pol, 01204 *( op->in.sid ), 01205 op->in.num_privs, 01206 ( const char ** ) op->in. 01207 priv_names ); 01208 01209 if ( !NT_STATUS_IS_OK( hnd->status ) ) { 01210 return CAC_FAILURE; 01211 } 01212 01213 return CAC_SUCCESS; 01214 }
| int cac_LsaGetSecurityObject | ( | CacServerHandle * | hnd, | |
| TALLOC_CTX * | mem_ctx, | |||
| struct LsaGetSecurityObject * | op | |||
| ) |
Retrieves Security Descriptor information about the LSA
| hnd | Initialized and connected server handle | |
| mem_ctx | Context for memory allocation | |
| op | Initialized Parameters |
CAC_SUCCESS The operation completed successfully
cac_lsarpc.c の 1216 行で定義されています。
参照先 _CACSERVERHANDLE::_internal・cac_GetPipe()・CacServerHandleInternal::ctx・LsaGetSecurityObject::in・LsaGetSecurityObject::out・CacServerHandleInternal::pipes・LsaGetSecurityObject::pol・rpccli_lsa_query_secobj()・LsaGetSecurityObject::sec・_CACSERVERHANDLE::status.
01218 { 01219 struct rpc_pipe_client *pipe_hnd = NULL; 01220 01221 /*this is taken from rpcclient/cmd_lsarpc.c */ 01222 uint16 info_level = 4; 01223 01224 SEC_DESC_BUF *sec_out = NULL; 01225 01226 if ( !hnd ) { 01227 return CAC_FAILURE; 01228 } 01229 01230 if ( !hnd->_internal.ctx || !hnd->_internal.pipes[PI_LSARPC] ) { 01231 hnd->status = NT_STATUS_INVALID_HANDLE; 01232 return CAC_FAILURE; 01233 } 01234 01235 if ( !op || !op->in.pol ) { 01236 hnd->status = NT_STATUS_INVALID_PARAMETER; 01237 return CAC_FAILURE; 01238 } 01239 01240 pipe_hnd = cac_GetPipe( hnd, PI_LSARPC ); 01241 if ( !pipe_hnd ) { 01242 hnd->status = NT_STATUS_INVALID_HANDLE; 01243 return CAC_FAILURE; 01244 } 01245 01246 hnd->status = 01247 rpccli_lsa_query_secobj( pipe_hnd, mem_ctx, op->in.pol, 01248 info_level, &sec_out ); 01249 01250 if ( !NT_STATUS_IS_OK( hnd->status ) ) 01251 return CAC_FAILURE; 01252 01253 op->out.sec = sec_out; 01254 01255 return CAC_FAILURE; 01256 }
1.4.7