cli_lsarpc.c
来自「samba-3.0.22.tar.gz 编译smb服务器的源码」· C语言 代码 · 共 1,375 行 · 第 1/2 页
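/* Tail of a routine whose opening lines lie before this excerpt; code kept as found. */
	ZERO_STRUCT(r);

	init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME,
		q, r,
		qbuf, rbuf,
		lsa_io_q_priv_get_dispname,
		lsa_io_r_priv_get_dispname,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Return output parameters */

	rpcstr_pull_unistr2_fstring(description , &r.desc);
	*lang_id_desc = r.lang_id;

 done:

	return result;
}

/**
 * Enumerate list of SIDs
 *
 * Issues LSA_ENUM_ACCOUNTS and copies the SIDs found in the reply
 * structure into a fresh array allocated from mem_ctx.
 *
 * @param cli             pipe client handed to CLI_DO_RPC
 * @param mem_ctx         talloc context that owns the returned array
 * @param pol             policy handle placed in the request
 * @param enum_ctx        in: enumeration context sent with the request;
 *                        out: r.enum_context, written only when at least
 *                        one entry was returned
 * @param pref_max_length forwarded to init_lsa_q_enum_accounts
 * @param num_sids        out: number of entries in *sids (0 when the
 *                        call succeeded but returned nothing)
 * @param sids            out: array of *num_sids SIDs; untouched when
 *                        nothing was returned
 *
 * @return the status taken from the reply, or NT_STATUS_UNSUCCESSFUL if
 *         the result array cannot be allocated.
 */
NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
				uint32 *num_sids, DOM_SID **sids)
{
	prs_struct qbuf, rbuf;
	LSA_Q_ENUM_ACCOUNTS q;
	LSA_R_ENUM_ACCOUNTS r;
	NTSTATUS result;
	uint32 i;	/* unsigned, to match the count it is compared with */

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);

	/* CLI_DO_RPC is defined outside this excerpt; r is read right after
	   it, so it presumably holds the unmarshalled reply - confirm. */
	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS,
		q, r,
		qbuf, rbuf,
		lsa_io_q_enum_accounts,
		lsa_io_r_enum_accounts,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	if (r.sids.num_entries == 0) {
		/* Success with nothing to report: give the caller a defined
		   count instead of leaving *num_sids as it was passed in. */
		*num_sids = 0;
		goto done;
	}

	/* Return output parameters */

	/* NOTE(review): num_entries is taken from the reply and bounds both
	   the allocation and the reads of r.sids.sid[] below; confirm that
	   lsa_io_r_enum_accounts guarantees the array really has that many
	   elements. */
	*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
	if (!*sids) {
		DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	/* Copy across names and sids */

	for (i = 0; i < r.sids.num_entries; i++) {
		sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
	}

	*num_sids = r.sids.num_entries;
	*enum_ctx = r.enum_context;

 done:

	return result;
}

/** Create a LSA user handle
 *
 * @param cli Handle on an initialised SMB connection
 *
 * On success the handle from the reply (r.pol) is copied to *user_pol;
 * on failure *user_pol is left untouched.
 *
 * FIXME: The code is actually identical to open account
 * TODO: Check and code what the function should exactly do
 *
 * */
NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				     POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
				     POLICY_HND *user_pol)
{
	prs_struct qbuf, rbuf;
	LSA_Q_CREATEACCOUNT q;
	LSA_R_CREATEACCOUNT r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Initialise input parameters */

	init_lsa_q_create_account(&q, dom_pol, sid, desired_access);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT,
		q, r,
		qbuf, rbuf,
		lsa_io_q_create_account,
		lsa_io_r_create_account,
		NT_STATUS_UNSUCCESSFUL);

	/* Return output parameters */

	result = r.status;

	if (NT_STATUS_IS_OK(result)) {
		*user_pol = r.pol;
	}

	return result;
}

/** Open a LSA user handle
 *
 * @param cli Handle on an initialised SMB connection
 *
 * On success the handle from the reply (r.pol) is copied to *user_pol;
 * on failure *user_pol is left untouched.
 */
NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				   POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access,
				   POLICY_HND *user_pol)
{
	prs_struct qbuf, rbuf;
	LSA_Q_OPENACCOUNT q;
	LSA_R_OPENACCOUNT r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Initialise input parameters */

	init_lsa_q_open_account(&q, dom_pol, sid, des_access);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT,
		q, r,
		qbuf, rbuf,
		lsa_io_q_open_account,
		lsa_io_r_open_account,
		NT_STATUS_UNSUCCESSFUL);

	/* Return output parameters */

	result = r.status;

	if (NT_STATUS_IS_OK(result)) {
		*user_pol = r.pol;
	}

	return result;
}

/** Enumerate user privileges
 *
 * @param cli Handle on an initialised SMB connection
 *
 * On success *set receives an array of *count LUID_ATTR entries
 * allocated from mem_ctx and filled from the reply. When the reply
 * carries no entries *count is set to 0 and *set is left untouched.
 *
 * @return the status taken from the reply, or NT_STATUS_UNSUCCESSFUL if
 *         the result array cannot be allocated.
 */
NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				     POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
{
	prs_struct qbuf, rbuf;
	LSA_Q_ENUMPRIVSACCOUNT q;
	LSA_R_ENUMPRIVSACCOUNT r;
	NTSTATUS result;
	uint32 i;	/* unsigned, to match the count it is compared with */

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Initialise input parameters */

	init_lsa_q_enum_privsaccount(&q, pol);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT,
		q, r,
		qbuf, rbuf,
		lsa_io_q_enum_privsaccount,
		lsa_io_r_enum_privsaccount,
		NT_STATUS_UNSUCCESSFUL);

	/* Return output parameters */

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	if (r.count == 0) {
		/* Success with nothing to report: hand back a defined count. */
		*count = 0;
		goto done;
	}

	/* NOTE(review): r.count is taken from the reply and bounds the reads
	   of r.set.set[] below; confirm that lsa_io_r_enum_privsaccount
	   guarantees the array has that many elements. */
	if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
		DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	for (i = 0; i < r.count; i++) {
		(*set)[i].luid.low = r.set.set[i].luid.low;
		(*set)[i].luid.high = r.set.set[i].luid.high;
		(*set)[i].attr = r.set.set[i].attr;
	}

	*count = r.count;

 done:

	return result;
}

/**
 * Get a privilege value given its name
 *
 * On success the low and high halves of the LUID in the reply are
 * copied into *luid; on failure *luid is left untouched.
 */
NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				 POLICY_HND *pol, const char *name, LUID *luid)
{
	prs_struct qbuf, rbuf;
	LSA_Q_LOOKUP_PRIV_VALUE q;
	LSA_R_LOOKUP_PRIV_VALUE r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_lsa_q_lookup_priv_value(&q, pol, name);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE,
		q, r,
		qbuf, rbuf,
		lsa_io_q_lookup_priv_value,
		lsa_io_r_lookup_priv_value,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Return output parameters */

	luid->low = r.luid.low;
	luid->high = r.luid.high;

 done:

	return result;
}

/**
 * Query LSA security object
 *
 * On success, and only when psdb is non-NULL, *psdb receives the
 * buffer pointer found in the reply (r.buf).
 * NOTE(review): the pointer is handed over as-is; which context owns
 * it is not visible here - presumably mem_ctx, confirm.
 */
NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
			      POLICY_HND *pol, uint32 sec_info,
			      SEC_DESC_BUF **psdb)
{
	prs_struct qbuf, rbuf;
	LSA_Q_QUERY_SEC_OBJ q;
	LSA_R_QUERY_SEC_OBJ r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_q_query_sec_obj(&q, pol, sec_info);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ,
		q, r,
		qbuf, rbuf,
		lsa_io_q_query_sec_obj,
		lsa_io_r_query_sec_obj,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	/* Return output parameters */

	if (psdb)
		*psdb = r.buf;

 done:

	return result;
}

/* Enumerate account rights This is similar to enum_privileges but
   takes a SID directly, avoiding the open_account call.

   On success *count holds r.count and, when it is non-zero,
   *priv_names receives an array of *count strings allocated from
   mem_ctx. An entry is NULL when the reply carried no string for that
   slot, so callers must check each entry before using it. On any
   failure *count is reset to 0 and *priv_names is left untouched.
*/
NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				     POLICY_HND *pol, DOM_SID *sid,
				     uint32 *count, char ***priv_names)
{
	prs_struct qbuf, rbuf;
	LSA_Q_ENUM_ACCT_RIGHTS q;
	LSA_R_ENUM_ACCT_RIGHTS r;
	NTSTATUS result;
	uint32 i;	/* unsigned, to match *count */
	fstring right_name;	/* scratch buffer, reused for every entry */
	char **names;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */
	/* NOTE(review): the literal 2 is passed straight to
	   init_q_enum_acct_rights; its meaning is not visible here. */
	init_q_enum_acct_rights(&q, pol, 2, sid);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
		q, r,
		qbuf, rbuf,
		lsa_io_q_enum_acct_rights,
		lsa_io_r_enum_acct_rights,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	*count = r.count;
	if (! *count) {
		goto done;
	}

	/* A non-zero count with no rights array would be dereferenced
	   below; reject such a reply instead. */
	if (!r.rights) {
		DEBUG(0, ("(cli_lsa_enum_account_rights): reply has no rights array\n"));
		*count = 0;
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	/* NOTE(review): r.count bounds the reads of r.rights->strings[]
	   below; confirm that lsa_io_r_enum_acct_rights guarantees the
	   array has at least that many elements. */
	names = TALLOC_ARRAY( mem_ctx, char *, *count );
	if (!names) {
		DEBUG(0, ("(cli_lsa_enum_account_rights): out of memory\n"));
		*count = 0;
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	for ( i=0; i<*count; i++ ) {
		UNISTR4 *uni_string = &r.rights->strings[i];

		/* Give every slot a defined value, so a skipped entry is
		   never returned as an uninitialised pointer. */
		names[i] = NULL;

		if ( !uni_string->string )
			continue;

		rpcstr_pull( right_name, uni_string->string->buffer, sizeof(right_name), -1, STR_TERMINATE );

		/* now copy to the return array */
		names[i] = talloc_strdup( mem_ctx, right_name );
		if (!names[i]) {
			DEBUG(0, ("(cli_lsa_enum_account_rights): out of memory\n"));
			*count = 0;
			result = NT_STATUS_UNSUCCESSFUL;
			goto done;
		}
	}

	*priv_names = names;

done:

	return result;
}

/* add account rights to an account.

   sid is taken by value and its address is passed to the request
   initialiser. Returns the status carried in the reply. */
NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				    POLICY_HND *pol, DOM_SID sid,
				    uint32 count, const char **privs_name)
{
	prs_struct qbuf, rbuf;
	LSA_Q_ADD_ACCT_RIGHTS q;
	LSA_R_ADD_ACCT_RIGHTS r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */
	init_q_add_acct_rights(&q, pol, &sid, count, privs_name);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS,
		q, r,
		qbuf, rbuf,
		lsa_io_q_add_acct_rights,
		lsa_io_r_add_acct_rights,
		NT_STATUS_UNSUCCESSFUL);

	/* There are no output parameters: the reply status is the result. */
	result = r.status;

	return result;
}

/* remove account rights for an account.

   removeall is normalised to 1 or 0 before it goes into the request.
   sid is taken by value and its address is passed to the request
   initialiser. Returns the status carried in the reply. */
NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				       POLICY_HND *pol, DOM_SID sid, BOOL removeall,
				       uint32 count, const char **privs_name)
{
	prs_struct qbuf, rbuf;
	LSA_Q_REMOVE_ACCT_RIGHTS q;
	LSA_R_REMOVE_ACCT_RIGHTS r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */
	init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS,
		q, r,
		qbuf, rbuf,
		lsa_io_q_remove_acct_rights,
		lsa_io_r_remove_acct_rights,
		NT_STATUS_UNSUCCESSFUL);

	/* There are no output parameters: the reply status is the result. */
	result = r.status;

	return result;
}


#if 0

/** An example of how to use the routines in this file.  Fetch a DOMAIN
    sid. Does complete cli setup / teardown anonymously.

    This block is compiled out. It calls cli_lsa_open_policy and
    cli_lsa_query_info_policy, while the routines visible in this part
    of the file carry the rpccli_ prefix, so it may be out of date -
    check before enabling it. */

BOOL fetch_domain_sid( char *domain, char *remote_machine, DOM_SID *psid)
{
	extern pstring global_myname;
	struct cli_state cli;
	NTSTATUS result;
	POLICY_HND lsa_pol;
	BOOL ret = False;

	ZERO_STRUCT(cli);
	if(cli_initialise(&cli) == False) {
		DEBUG(0,("fetch_domain_sid: unable to initialize client connection.\n"));
		return False;
	}

	if(!resolve_name( remote_machine, &cli.dest_ip, 0x20)) {
		DEBUG(0,("fetch_domain_sid: Can't resolve address for %s\n", remote_machine));
		goto done;
	}

	if (!cli_connect(&cli, remote_machine, &cli.dest_ip)) {
		DEBUG(0,("fetch_domain_sid: unable to connect to SMB server on \
machine %s. Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
		goto done;
	}

	if (!attempt_netbios_session_request(&cli, global_myname, remote_machine, &cli.dest_ip)) {
		DEBUG(0,("fetch_domain_sid: machine %s rejected the NetBIOS session request.\n",
			remote_machine));
		goto done;
	}

	cli.protocol = PROTOCOL_NT1;

	if (!cli_negprot(&cli)) {
		DEBUG(0,("fetch_domain_sid: machine %s rejected the negotiate protocol. \
Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
		goto done;
	}

	if (cli.protocol != PROTOCOL_NT1) {
		DEBUG(0,("fetch_domain_sid: machine %s didn't negotiate NT protocol.\n",
			remote_machine));
		goto done;
	}

	/*
	 * Do an anonymous session setup.
	 */

	if (!cli_session_setup(&cli, "", "", 0, "", 0, "")) {
		DEBUG(0,("fetch_domain_sid: machine %s rejected the session setup. \
Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
		goto done;
	}

	if (!(cli.sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
		DEBUG(0,("fetch_domain_sid: machine %s isn't in user level security mode\n",
			remote_machine));
		goto done;
	}

	if (!cli_send_tconX(&cli, "IPC$", "IPC", "", 1)) {
		DEBUG(0,("fetch_domain_sid: machine %s rejected the tconX on the IPC$ share. \
Error was : %s.\n", remote_machine, cli_errstr(&cli) ));
		goto done;
	}

	/* Fetch domain sid */

	if (!cli_nt_session_open(&cli, PI_LSARPC)) {
		DEBUG(0, ("fetch_domain_sid: Error connecting to SAM pipe\n"));
		goto done;
	}

	result = cli_lsa_open_policy(&cli, cli.mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, &lsa_pol);
	if (!NT_STATUS_IS_OK(result)) {
		DEBUG(0, ("fetch_domain_sid: Error opening lsa policy handle. %s\n",
			nt_errstr(result) ));
		goto done;
	}

	result = cli_lsa_query_info_policy(&cli, cli.mem_ctx, &lsa_pol, 5, domain, psid);
	if (!NT_STATUS_IS_OK(result)) {
		DEBUG(0, ("fetch_domain_sid: Error querying lsa policy handle. %s\n",
			nt_errstr(result) ));
		goto done;
	}

	ret = True;

  done:

	cli_shutdown(&cli);
	return ret;
}

#endif

/**
 * Open a handle on a trusted domain identified by its SID.
 *
 * On success the handle from the reply (r.handle) is copied to
 * *trustdom_pol; on failure *trustdom_pol is left untouched.
 */
NTSTATUS rpccli_lsa_open_trusted_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
				     POLICY_HND *pol, DOM_SID *dom_sid, uint32 access_mask,
				     POLICY_HND *trustdom_pol)
{
	prs_struct qbuf, rbuf;
	LSA_Q_OPEN_TRUSTED_DOMAIN q;
	LSA_R_OPEN_TRUSTED_DOMAIN r;
	NTSTATUS result;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Initialise input parameters */

	init_lsa_q_open_trusted_domain(&q, pol, dom_sid, access_mask);

	/* Marshall data and send request */

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENTRUSTDOM,
		q, r,
		qbuf, rbuf,
		lsa_io_q_open_trusted_domain,
		lsa_io_r_open_trusted_domain,
		NT_STATUS_UNSUCCESSFUL);

	/* Return output parameters */

	result = r.status;

	if (NT_STATUS_IS_OK(result)) {
		*trustdom_pol = r.handle;
	}

	return result;
}

/**
 * Query trusted-domain information through an already opened handle.
 *
 * On success *info receives the pointer found in the reply (r.info).
 * NOTE(review): the pointer is handed over as-is; which context owns
 * it is not visible here - presumably mem_ctx, confirm.
 */
NTSTATUS rpccli_lsa_query_trusted_domain_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
					   POLICY_HND *pol,
					   uint16 info_class,
					   LSA_TRUSTED_DOMAIN_INFO **info)
{
	prs_struct qbuf, rbuf;
	LSA_Q_QUERY_TRUSTED_DOMAIN_INFO q;
	LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_q_query_trusted_domain_info(&q, pol, info_class);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFO,
		q, r,
		qbuf, rbuf,
		lsa_io_q_query_trusted_domain_info,
		lsa_io_r_query_trusted_domain_info,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	*info = r.info;

done:

	return result;
}

/**
 * Query trusted-domain information, naming the domain by SID.
 *
 * On success *info receives the pointer found in the reply (r.info).
 * NOTE(review): the pointer is handed over as-is; which context owns
 * it is not visible here - presumably mem_ctx, confirm.
 */
NTSTATUS rpccli_lsa_query_trusted_domain_info_by_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
						  POLICY_HND *pol,
						  uint16 info_class, DOM_SID *dom_sid,
						  LSA_TRUSTED_DOMAIN_INFO **info)
{
	prs_struct qbuf, rbuf;
	LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_SID q;
	LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_q_query_trusted_domain_info_by_sid(&q, pol, info_class, dom_sid);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYSID,
		q, r,
		qbuf, rbuf,
		lsa_io_q_query_trusted_domain_info_by_sid,
		lsa_io_r_query_trusted_domain_info,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	*info = r.info;

done:

	return result;
}

/**
 * Query trusted-domain information, naming the domain by name.
 *
 * On success *info receives the pointer found in the reply (r.info).
 * NOTE(review): the pointer is handed over as-is; which context owns
 * it is not visible here - presumably mem_ctx, confirm.
 */
NTSTATUS rpccli_lsa_query_trusted_domain_info_by_name(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
						   POLICY_HND *pol,
						   uint16 info_class, const char *domain_name,
						   LSA_TRUSTED_DOMAIN_INFO **info)
{
	prs_struct qbuf, rbuf;
	LSA_Q_QUERY_TRUSTED_DOMAIN_INFO_BY_NAME q;
	LSA_R_QUERY_TRUSTED_DOMAIN_INFO r;
	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;

	ZERO_STRUCT(q);
	ZERO_STRUCT(r);

	/* Marshall data and send request */

	init_q_query_trusted_domain_info_by_name(&q, pol, info_class, domain_name);

	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYTRUSTDOMINFOBYNAME,
		q, r,
		qbuf, rbuf,
		lsa_io_q_query_trusted_domain_info_by_name,
		lsa_io_r_query_trusted_domain_info,
		NT_STATUS_UNSUCCESSFUL);

	result = r.status;

	if (!NT_STATUS_IS_OK(result)) {
		goto done;
	}

	*info = r.info;

done:

	return result;
}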