111337SWilliam.Krier@Sun.COM /* 211337SWilliam.Krier@Sun.COM * CDDL HEADER START 311337SWilliam.Krier@Sun.COM * 411337SWilliam.Krier@Sun.COM * The contents of this file are subject to the terms of the 511337SWilliam.Krier@Sun.COM * Common Development and Distribution License (the "License"). 611337SWilliam.Krier@Sun.COM * You may not use this file except in compliance with the License. 711337SWilliam.Krier@Sun.COM * 811337SWilliam.Krier@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 911337SWilliam.Krier@Sun.COM * or http://www.opensolaris.org/os/licensing. 1011337SWilliam.Krier@Sun.COM * See the License for the specific language governing permissions 1111337SWilliam.Krier@Sun.COM * and limitations under the License. 1211337SWilliam.Krier@Sun.COM * 1311337SWilliam.Krier@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 1411337SWilliam.Krier@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 1511337SWilliam.Krier@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 1611337SWilliam.Krier@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 1711337SWilliam.Krier@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 1811337SWilliam.Krier@Sun.COM * 1911337SWilliam.Krier@Sun.COM * CDDL HEADER END 2011337SWilliam.Krier@Sun.COM */ 21*12508Samw@Sun.COM 2211337SWilliam.Krier@Sun.COM /* 23*12508Samw@Sun.COM * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. 2411337SWilliam.Krier@Sun.COM */ 2511337SWilliam.Krier@Sun.COM 2611337SWilliam.Krier@Sun.COM /* 2711337SWilliam.Krier@Sun.COM * Local Security Authority RPC (LSAR) server-side interface. 2811337SWilliam.Krier@Sun.COM */ 2911337SWilliam.Krier@Sun.COM 3011337SWilliam.Krier@Sun.COM #include <unistd.h> 3111337SWilliam.Krier@Sun.COM #include <strings.h> 3211337SWilliam.Krier@Sun.COM #include <pwd.h> 3311337SWilliam.Krier@Sun.COM #include <grp.h> 3411337SWilliam.Krier@Sun.COM 3511337SWilliam.Krier@Sun.COM #include <smbsrv/libsmb.h> 3611337SWilliam.Krier@Sun.COM #include <smbsrv/libmlrpc.h> 3711337SWilliam.Krier@Sun.COM #include <smbsrv/libmlsvc.h> 3811337SWilliam.Krier@Sun.COM #include <smbsrv/ndl/lsarpc.ndl> 3911337SWilliam.Krier@Sun.COM #include <lsalib.h> 4011337SWilliam.Krier@Sun.COM #include <smbsrv/smbinfo.h> 4111337SWilliam.Krier@Sun.COM #include <smbsrv/nmpipes.h> 4211337SWilliam.Krier@Sun.COM #include <smbsrv/ntlocale.h> 4311337SWilliam.Krier@Sun.COM 4411337SWilliam.Krier@Sun.COM struct local_group_table { 4511337SWilliam.Krier@Sun.COM WORD sid_name_use; 4611337SWilliam.Krier@Sun.COM WORD domain_ix; 4711337SWilliam.Krier@Sun.COM char *sid; 4811337SWilliam.Krier@Sun.COM char *name; 4911337SWilliam.Krier@Sun.COM }; 5011337SWilliam.Krier@Sun.COM 5111337SWilliam.Krier@Sun.COM static int lsarpc_key_domain; 5211337SWilliam.Krier@Sun.COM static int lsarpc_key_account; 5311337SWilliam.Krier@Sun.COM 5411337SWilliam.Krier@Sun.COM static int lsarpc_call_stub(ndr_xa_t *mxa); 5511337SWilliam.Krier@Sun.COM 5611337SWilliam.Krier@Sun.COM static int lsarpc_s_CloseHandle(void *, ndr_xa_t *); 5711337SWilliam.Krier@Sun.COM static int lsarpc_s_QuerySecurityObject(void *, ndr_xa_t *); 5811337SWilliam.Krier@Sun.COM static int lsarpc_s_EnumAccounts(void *, ndr_xa_t *); 5911337SWilliam.Krier@Sun.COM static int lsarpc_s_EnumTrustedDomain(void *, ndr_xa_t *); 6011337SWilliam.Krier@Sun.COM static int lsarpc_s_EnumTrustedDomainsEx(void *, ndr_xa_t *); 6111337SWilliam.Krier@Sun.COM static int lsarpc_s_OpenAccount(void *, ndr_xa_t *); 6211337SWilliam.Krier@Sun.COM static int lsarpc_s_EnumPrivsAccount(void *, ndr_xa_t *); 6311337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupPrivValue(void *, ndr_xa_t *); 6411337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupPrivName(void *, ndr_xa_t *); 6511337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupPrivDisplayName(void *, ndr_xa_t *); 6611337SWilliam.Krier@Sun.COM static int lsarpc_s_CreateSecret(void *, ndr_xa_t *); 6711337SWilliam.Krier@Sun.COM static int lsarpc_s_OpenSecret(void *, ndr_xa_t *); 6811337SWilliam.Krier@Sun.COM static int lsarpc_s_QueryInfoPolicy(void *, ndr_xa_t *); 6911337SWilliam.Krier@Sun.COM static int lsarpc_s_OpenDomainHandle(void *, ndr_xa_t *); 7011337SWilliam.Krier@Sun.COM static int lsarpc_s_OpenDomainHandle(void *, ndr_xa_t *); 7111337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupSids(void *, ndr_xa_t *); 7211337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupNames(void *, ndr_xa_t *); 7311337SWilliam.Krier@Sun.COM static int lsarpc_s_GetConnectedUser(void *, ndr_xa_t *); 7411337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupSids2(void *, ndr_xa_t *); 7511337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupSids3(void *, ndr_xa_t *); 7611337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupNames2(void *, ndr_xa_t *); 7711337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupNames3(void *, ndr_xa_t *); 7811337SWilliam.Krier@Sun.COM static int lsarpc_s_LookupNames4(void *, ndr_xa_t *); 7911337SWilliam.Krier@Sun.COM 8011337SWilliam.Krier@Sun.COM static DWORD lsarpc_s_PrimaryDomainInfo(struct mslsa_PrimaryDomainInfo *, 8111337SWilliam.Krier@Sun.COM ndr_xa_t *); 8211337SWilliam.Krier@Sun.COM static DWORD lsarpc_s_AccountDomainInfo(struct mslsa_AccountDomainInfo *, 8311337SWilliam.Krier@Sun.COM ndr_xa_t *); 8411337SWilliam.Krier@Sun.COM static int lsarpc_s_UpdateDomainTable(ndr_xa_t *, 8511337SWilliam.Krier@Sun.COM smb_account_t *, struct mslsa_domain_table *, DWORD *); 8611337SWilliam.Krier@Sun.COM 8711337SWilliam.Krier@Sun.COM static ndr_stub_table_t lsarpc_stub_table[] = { 8811337SWilliam.Krier@Sun.COM { lsarpc_s_CloseHandle, LSARPC_OPNUM_CloseHandle }, 8911337SWilliam.Krier@Sun.COM { lsarpc_s_QuerySecurityObject, LSARPC_OPNUM_QuerySecurityObject }, 9011337SWilliam.Krier@Sun.COM { lsarpc_s_EnumAccounts, LSARPC_OPNUM_EnumerateAccounts }, 9111337SWilliam.Krier@Sun.COM { lsarpc_s_EnumTrustedDomain, LSARPC_OPNUM_EnumTrustedDomain }, 9211337SWilliam.Krier@Sun.COM { lsarpc_s_EnumTrustedDomainsEx, LSARPC_OPNUM_EnumTrustedDomainsEx }, 9311337SWilliam.Krier@Sun.COM { lsarpc_s_OpenAccount, LSARPC_OPNUM_OpenAccount }, 9411337SWilliam.Krier@Sun.COM { lsarpc_s_EnumPrivsAccount, LSARPC_OPNUM_EnumPrivsAccount }, 9511337SWilliam.Krier@Sun.COM { lsarpc_s_LookupPrivValue, LSARPC_OPNUM_LookupPrivValue }, 9611337SWilliam.Krier@Sun.COM { lsarpc_s_LookupPrivName, LSARPC_OPNUM_LookupPrivName }, 9711337SWilliam.Krier@Sun.COM { lsarpc_s_LookupPrivDisplayName, LSARPC_OPNUM_LookupPrivDisplayName }, 9811337SWilliam.Krier@Sun.COM { lsarpc_s_CreateSecret, LSARPC_OPNUM_CreateSecret }, 9911337SWilliam.Krier@Sun.COM { lsarpc_s_OpenSecret, LSARPC_OPNUM_OpenSecret }, 10011337SWilliam.Krier@Sun.COM { lsarpc_s_QueryInfoPolicy, LSARPC_OPNUM_QueryInfoPolicy }, 10111337SWilliam.Krier@Sun.COM { lsarpc_s_OpenDomainHandle, LSARPC_OPNUM_OpenPolicy }, 10211337SWilliam.Krier@Sun.COM { lsarpc_s_OpenDomainHandle, LSARPC_OPNUM_OpenPolicy2 }, 10311337SWilliam.Krier@Sun.COM { lsarpc_s_LookupSids, LSARPC_OPNUM_LookupSids }, 10411337SWilliam.Krier@Sun.COM { lsarpc_s_LookupNames, LSARPC_OPNUM_LookupNames }, 10511337SWilliam.Krier@Sun.COM { lsarpc_s_GetConnectedUser, LSARPC_OPNUM_GetConnectedUser }, 10611337SWilliam.Krier@Sun.COM { lsarpc_s_LookupSids2, LSARPC_OPNUM_LookupSids2 }, 10711337SWilliam.Krier@Sun.COM { lsarpc_s_LookupSids3, LSARPC_OPNUM_LookupSids3 }, 10811337SWilliam.Krier@Sun.COM { lsarpc_s_LookupNames2, LSARPC_OPNUM_LookupNames2 }, 10911337SWilliam.Krier@Sun.COM { lsarpc_s_LookupNames3, LSARPC_OPNUM_LookupNames3 }, 11011337SWilliam.Krier@Sun.COM { lsarpc_s_LookupNames4, LSARPC_OPNUM_LookupNames4 }, 11111337SWilliam.Krier@Sun.COM {0} 11211337SWilliam.Krier@Sun.COM }; 11311337SWilliam.Krier@Sun.COM 11411337SWilliam.Krier@Sun.COM static ndr_service_t lsarpc_service = { 11511337SWilliam.Krier@Sun.COM "LSARPC", /* name */ 11611337SWilliam.Krier@Sun.COM "Local Security Authority", /* desc */ 11711337SWilliam.Krier@Sun.COM "\\lsarpc", /* endpoint */ 11811337SWilliam.Krier@Sun.COM PIPE_LSASS, /* sec_addr_port */ 11911337SWilliam.Krier@Sun.COM "12345778-1234-abcd-ef00-0123456789ab", 0, /* abstract */ 12011337SWilliam.Krier@Sun.COM NDR_TRANSFER_SYNTAX_UUID, 2, /* transfer */ 12111337SWilliam.Krier@Sun.COM 0, /* no bind_instance_size */ 12211337SWilliam.Krier@Sun.COM NULL, /* no bind_req() */ 12311337SWilliam.Krier@Sun.COM NULL, /* no unbind_and_close() */ 12411337SWilliam.Krier@Sun.COM lsarpc_call_stub, /* call_stub() */ 12511337SWilliam.Krier@Sun.COM &TYPEINFO(lsarpc_interface), /* interface ti */ 12611337SWilliam.Krier@Sun.COM lsarpc_stub_table /* stub_table */ 12711337SWilliam.Krier@Sun.COM }; 12811337SWilliam.Krier@Sun.COM 12911337SWilliam.Krier@Sun.COM /* 13011337SWilliam.Krier@Sun.COM * lsarpc_initialize 13111337SWilliam.Krier@Sun.COM * 13211337SWilliam.Krier@Sun.COM * This function registers the LSA RPC interface with the RPC runtime 13311337SWilliam.Krier@Sun.COM * library. It must be called in order to use either the client side 13411337SWilliam.Krier@Sun.COM * or the server side functions. 13511337SWilliam.Krier@Sun.COM */ 13611337SWilliam.Krier@Sun.COM void 13711337SWilliam.Krier@Sun.COM lsarpc_initialize(void) 13811337SWilliam.Krier@Sun.COM { 13911337SWilliam.Krier@Sun.COM (void) ndr_svc_register(&lsarpc_service); 14011337SWilliam.Krier@Sun.COM } 14111337SWilliam.Krier@Sun.COM 14211337SWilliam.Krier@Sun.COM /* 14311337SWilliam.Krier@Sun.COM * Custom call_stub to set the stream string policy. 14411337SWilliam.Krier@Sun.COM */ 14511337SWilliam.Krier@Sun.COM static int 14611337SWilliam.Krier@Sun.COM lsarpc_call_stub(ndr_xa_t *mxa) 14711337SWilliam.Krier@Sun.COM { 14811337SWilliam.Krier@Sun.COM NDS_SETF(&mxa->send_nds, NDS_F_NOTERM); 14911337SWilliam.Krier@Sun.COM NDS_SETF(&mxa->recv_nds, NDS_F_NOTERM); 15011337SWilliam.Krier@Sun.COM 15111337SWilliam.Krier@Sun.COM return (ndr_generic_call_stub(mxa)); 15211337SWilliam.Krier@Sun.COM } 15311337SWilliam.Krier@Sun.COM 15411337SWilliam.Krier@Sun.COM /* 15511337SWilliam.Krier@Sun.COM * lsarpc_s_OpenDomainHandle opnum=0x06 15611337SWilliam.Krier@Sun.COM * 15711337SWilliam.Krier@Sun.COM * This is a request to open the LSA (OpenPolicy and OpenPolicy2). 15811337SWilliam.Krier@Sun.COM * The client is looking for an LSA domain handle. 15911337SWilliam.Krier@Sun.COM */ 16011337SWilliam.Krier@Sun.COM static int 16111337SWilliam.Krier@Sun.COM lsarpc_s_OpenDomainHandle(void *arg, ndr_xa_t *mxa) 16211337SWilliam.Krier@Sun.COM { 16311337SWilliam.Krier@Sun.COM struct mslsa_OpenPolicy2 *param = arg; 16411337SWilliam.Krier@Sun.COM ndr_hdid_t *id; 16511337SWilliam.Krier@Sun.COM 16611337SWilliam.Krier@Sun.COM if ((id = ndr_hdalloc(mxa, &lsarpc_key_domain)) != NULL) { 16711337SWilliam.Krier@Sun.COM bcopy(id, ¶m->domain_handle, sizeof (mslsa_handle_t)); 16811337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 16911337SWilliam.Krier@Sun.COM } else { 17011337SWilliam.Krier@Sun.COM bzero(¶m->domain_handle, sizeof (mslsa_handle_t)); 17111337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 17211337SWilliam.Krier@Sun.COM } 17311337SWilliam.Krier@Sun.COM 17411337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 17511337SWilliam.Krier@Sun.COM } 17611337SWilliam.Krier@Sun.COM 17711337SWilliam.Krier@Sun.COM /* 17811337SWilliam.Krier@Sun.COM * lsarpc_s_CloseHandle opnum=0x00 17911337SWilliam.Krier@Sun.COM * 18011337SWilliam.Krier@Sun.COM * This is a request to close the LSA interface specified by the handle. 18111337SWilliam.Krier@Sun.COM * We don't track handles (yet), so just zero out the handle and return 18211337SWilliam.Krier@Sun.COM * NDR_DRC_OK. Setting the handle to zero appears to be standard 18311337SWilliam.Krier@Sun.COM * behaviour and someone may rely on it, i.e. we do on the client side. 18411337SWilliam.Krier@Sun.COM */ 18511337SWilliam.Krier@Sun.COM static int 18611337SWilliam.Krier@Sun.COM lsarpc_s_CloseHandle(void *arg, ndr_xa_t *mxa) 18711337SWilliam.Krier@Sun.COM { 18811337SWilliam.Krier@Sun.COM struct mslsa_CloseHandle *param = arg; 18911337SWilliam.Krier@Sun.COM ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle; 19011337SWilliam.Krier@Sun.COM 19111337SWilliam.Krier@Sun.COM ndr_hdfree(mxa, id); 19211337SWilliam.Krier@Sun.COM 19311337SWilliam.Krier@Sun.COM bzero(¶m->result_handle, sizeof (param->result_handle)); 19411337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 19511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 19611337SWilliam.Krier@Sun.COM } 19711337SWilliam.Krier@Sun.COM 19811337SWilliam.Krier@Sun.COM /* 19911337SWilliam.Krier@Sun.COM * lsarpc_s_QuerySecurityObject 20011337SWilliam.Krier@Sun.COM */ 20111337SWilliam.Krier@Sun.COM /*ARGSUSED*/ 20211337SWilliam.Krier@Sun.COM static int 20311337SWilliam.Krier@Sun.COM lsarpc_s_QuerySecurityObject(void *arg, ndr_xa_t *mxa) 20411337SWilliam.Krier@Sun.COM { 20511337SWilliam.Krier@Sun.COM struct mslsa_QuerySecurityObject *param = arg; 20611337SWilliam.Krier@Sun.COM 20711337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_QuerySecurityObject)); 20811337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED); 20911337SWilliam.Krier@Sun.COM 21011337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 21111337SWilliam.Krier@Sun.COM } 21211337SWilliam.Krier@Sun.COM 21311337SWilliam.Krier@Sun.COM /* 21411337SWilliam.Krier@Sun.COM * lsarpc_s_EnumAccounts 21511337SWilliam.Krier@Sun.COM * 21611337SWilliam.Krier@Sun.COM * Enumerate the list of local accounts SIDs. The client should supply 21711337SWilliam.Krier@Sun.COM * a valid OpenPolicy2 handle. The enum_context is used to support 21811337SWilliam.Krier@Sun.COM * multiple enumeration calls to obtain the complete list of SIDs. 21911337SWilliam.Krier@Sun.COM * It should be set to 0 on the first call and passed unchanged on 22011337SWilliam.Krier@Sun.COM * subsequent calls until there are no more accounts - the server will 221*12508Samw@Sun.COM * return STATUS_NO_MORE_ENTRIES. 22211337SWilliam.Krier@Sun.COM * 22311337SWilliam.Krier@Sun.COM * For now just set the status to access-denied. Note that we still have 22411337SWilliam.Krier@Sun.COM * to provide a valid address for enum_buf because it's a reference and 22511337SWilliam.Krier@Sun.COM * the marshalling rules require that references must not be null. 22611337SWilliam.Krier@Sun.COM * The enum_context is used to support multiple 22711337SWilliam.Krier@Sun.COM */ 22811337SWilliam.Krier@Sun.COM static int 22911337SWilliam.Krier@Sun.COM lsarpc_s_EnumAccounts(void *arg, ndr_xa_t *mxa) 23011337SWilliam.Krier@Sun.COM { 23111337SWilliam.Krier@Sun.COM struct mslsa_EnumerateAccounts *param = arg; 23211337SWilliam.Krier@Sun.COM struct mslsa_EnumAccountBuf *enum_buf; 23311337SWilliam.Krier@Sun.COM 23411337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_EnumerateAccounts)); 23511337SWilliam.Krier@Sun.COM 23611337SWilliam.Krier@Sun.COM enum_buf = NDR_NEW(mxa, struct mslsa_EnumAccountBuf); 23711337SWilliam.Krier@Sun.COM if (enum_buf == NULL) { 23811337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 23911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 24011337SWilliam.Krier@Sun.COM } 24111337SWilliam.Krier@Sun.COM 24211337SWilliam.Krier@Sun.COM bzero(enum_buf, sizeof (struct mslsa_EnumAccountBuf)); 24311337SWilliam.Krier@Sun.COM param->enum_buf = enum_buf; 24411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED); 24511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 24611337SWilliam.Krier@Sun.COM } 24711337SWilliam.Krier@Sun.COM 24811337SWilliam.Krier@Sun.COM 24911337SWilliam.Krier@Sun.COM /* 25011337SWilliam.Krier@Sun.COM * lsarpc_s_EnumTrustedDomain 25111337SWilliam.Krier@Sun.COM * 25211337SWilliam.Krier@Sun.COM * This is the server side function for handling requests to enumerate 25311337SWilliam.Krier@Sun.COM * the list of trusted domains: currently held in the NT domain database. 25411337SWilliam.Krier@Sun.COM * This call requires an OpenPolicy2 handle. The enum_context is used to 25511337SWilliam.Krier@Sun.COM * support multiple enumeration calls to obtain the complete list. 25611337SWilliam.Krier@Sun.COM * It should be set to 0 on the first call and passed unchanged on 25711337SWilliam.Krier@Sun.COM * subsequent calls until there are no more accounts - the server will 258*12508Samw@Sun.COM * return STATUS_NO_MORE_ENTRIES. 25911337SWilliam.Krier@Sun.COM * 26011337SWilliam.Krier@Sun.COM * For now just set the status to access-denied. Note that we still have 26111337SWilliam.Krier@Sun.COM * to provide a valid address for enum_buf because it's a reference and 26211337SWilliam.Krier@Sun.COM * the marshalling rules require that references must not be null. 26311337SWilliam.Krier@Sun.COM */ 26411337SWilliam.Krier@Sun.COM static int 26511337SWilliam.Krier@Sun.COM lsarpc_s_EnumTrustedDomain(void *arg, ndr_xa_t *mxa) 26611337SWilliam.Krier@Sun.COM { 26711337SWilliam.Krier@Sun.COM struct mslsa_EnumTrustedDomain *param = arg; 26811337SWilliam.Krier@Sun.COM struct mslsa_EnumTrustedDomainBuf *enum_buf; 26911337SWilliam.Krier@Sun.COM 27011337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_EnumTrustedDomain)); 27111337SWilliam.Krier@Sun.COM 27211337SWilliam.Krier@Sun.COM enum_buf = NDR_NEW(mxa, struct mslsa_EnumTrustedDomainBuf); 27311337SWilliam.Krier@Sun.COM if (enum_buf == NULL) { 27411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 27511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 27611337SWilliam.Krier@Sun.COM } 27711337SWilliam.Krier@Sun.COM 27811337SWilliam.Krier@Sun.COM bzero(enum_buf, sizeof (struct mslsa_EnumTrustedDomainBuf)); 27911337SWilliam.Krier@Sun.COM param->enum_buf = enum_buf; 28011337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED); 28111337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 28211337SWilliam.Krier@Sun.COM } 28311337SWilliam.Krier@Sun.COM 28411337SWilliam.Krier@Sun.COM /* 28511337SWilliam.Krier@Sun.COM * lsarpc_s_EnumTrustedDomainsEx 28611337SWilliam.Krier@Sun.COM * 28711337SWilliam.Krier@Sun.COM * This is the server side function for handling requests to enumerate 28811337SWilliam.Krier@Sun.COM * the list of trusted domains: currently held in the NT domain database. 28911337SWilliam.Krier@Sun.COM * This call requires an OpenPolicy2 handle. The enum_context is used to 29011337SWilliam.Krier@Sun.COM * support multiple enumeration calls to obtain the complete list. 29111337SWilliam.Krier@Sun.COM * It should be set to 0 on the first call and passed unchanged on 29211337SWilliam.Krier@Sun.COM * subsequent calls until there are no more accounts - the server will 293*12508Samw@Sun.COM * return STATUS_NO_MORE_ENTRIES. 29411337SWilliam.Krier@Sun.COM * 29511337SWilliam.Krier@Sun.COM * For now just set the status to access-denied. Note that we still have 29611337SWilliam.Krier@Sun.COM * to provide a valid address for enum_buf because it's a reference and 29711337SWilliam.Krier@Sun.COM * the marshalling rules require that references must not be null. 29811337SWilliam.Krier@Sun.COM */ 29911337SWilliam.Krier@Sun.COM static int 30011337SWilliam.Krier@Sun.COM lsarpc_s_EnumTrustedDomainsEx(void *arg, ndr_xa_t *mxa) 30111337SWilliam.Krier@Sun.COM { 30211337SWilliam.Krier@Sun.COM struct mslsa_EnumTrustedDomainEx *param = arg; 30311337SWilliam.Krier@Sun.COM struct mslsa_EnumTrustedDomainBufEx *enum_buf; 30411337SWilliam.Krier@Sun.COM 30511337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_EnumTrustedDomainEx)); 30611337SWilliam.Krier@Sun.COM 30711337SWilliam.Krier@Sun.COM enum_buf = NDR_NEW(mxa, struct mslsa_EnumTrustedDomainBufEx); 30811337SWilliam.Krier@Sun.COM if (enum_buf == NULL) { 30911337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 31011337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 31111337SWilliam.Krier@Sun.COM } 31211337SWilliam.Krier@Sun.COM 31311337SWilliam.Krier@Sun.COM bzero(enum_buf, sizeof (struct mslsa_EnumTrustedDomainBufEx)); 31411337SWilliam.Krier@Sun.COM param->enum_buf = enum_buf; 31511337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED); 31611337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 31711337SWilliam.Krier@Sun.COM } 31811337SWilliam.Krier@Sun.COM 31911337SWilliam.Krier@Sun.COM /* 32011337SWilliam.Krier@Sun.COM * lsarpc_s_OpenAccount 32111337SWilliam.Krier@Sun.COM * 32211337SWilliam.Krier@Sun.COM * This is a request to open an account handle. 32311337SWilliam.Krier@Sun.COM */ 32411337SWilliam.Krier@Sun.COM static int 32511337SWilliam.Krier@Sun.COM lsarpc_s_OpenAccount(void *arg, ndr_xa_t *mxa) 32611337SWilliam.Krier@Sun.COM { 32711337SWilliam.Krier@Sun.COM struct mslsa_OpenAccount *param = arg; 32811337SWilliam.Krier@Sun.COM ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle; 32911337SWilliam.Krier@Sun.COM ndr_handle_t *hd; 33011337SWilliam.Krier@Sun.COM 33111337SWilliam.Krier@Sun.COM hd = ndr_hdlookup(mxa, id); 33211337SWilliam.Krier@Sun.COM if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) { 33311337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_OpenAccount)); 33411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE); 33511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 33611337SWilliam.Krier@Sun.COM } 33711337SWilliam.Krier@Sun.COM 33811337SWilliam.Krier@Sun.COM if ((id = ndr_hdalloc(mxa, &lsarpc_key_account)) != NULL) { 33911337SWilliam.Krier@Sun.COM bcopy(id, ¶m->account_handle, sizeof (mslsa_handle_t)); 34011337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 34111337SWilliam.Krier@Sun.COM } else { 34211337SWilliam.Krier@Sun.COM bzero(¶m->account_handle, sizeof (mslsa_handle_t)); 34311337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 34411337SWilliam.Krier@Sun.COM } 34511337SWilliam.Krier@Sun.COM 34611337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 34711337SWilliam.Krier@Sun.COM } 34811337SWilliam.Krier@Sun.COM 34911337SWilliam.Krier@Sun.COM 35011337SWilliam.Krier@Sun.COM /* 35111337SWilliam.Krier@Sun.COM * lsarpc_s_EnumPrivsAccount 35211337SWilliam.Krier@Sun.COM * 35311337SWilliam.Krier@Sun.COM * This is the server side function for handling requests for account 35411337SWilliam.Krier@Sun.COM * privileges. For now just set the status to not-supported status and 35511337SWilliam.Krier@Sun.COM * return NDR_DRC_OK. Note that we still have to provide a valid 35611337SWilliam.Krier@Sun.COM * address for enum_buf because it's a reference and the marshalling 35711337SWilliam.Krier@Sun.COM * rules require that references must not be null. 35811337SWilliam.Krier@Sun.COM */ 35911337SWilliam.Krier@Sun.COM /*ARGSUSED*/ 36011337SWilliam.Krier@Sun.COM static int 36111337SWilliam.Krier@Sun.COM lsarpc_s_EnumPrivsAccount(void *arg, ndr_xa_t *mxa) 36211337SWilliam.Krier@Sun.COM { 36311337SWilliam.Krier@Sun.COM struct mslsa_EnumPrivsAccount *param = arg; 36411337SWilliam.Krier@Sun.COM 36511337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_EnumPrivsAccount)); 36611337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NOT_SUPPORTED); 36711337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 36811337SWilliam.Krier@Sun.COM } 36911337SWilliam.Krier@Sun.COM 37011337SWilliam.Krier@Sun.COM /* 37111337SWilliam.Krier@Sun.COM * lsarpc_s_LookupPrivValue 37211337SWilliam.Krier@Sun.COM * 37311337SWilliam.Krier@Sun.COM * Server side function used to map a privilege name to a locally unique 37411337SWilliam.Krier@Sun.COM * identifier (LUID). 37511337SWilliam.Krier@Sun.COM */ 37611337SWilliam.Krier@Sun.COM /*ARGSUSED*/ 37711337SWilliam.Krier@Sun.COM static int 37811337SWilliam.Krier@Sun.COM lsarpc_s_LookupPrivValue(void *arg, ndr_xa_t *mxa) 37911337SWilliam.Krier@Sun.COM { 38011337SWilliam.Krier@Sun.COM struct mslsa_LookupPrivValue *param = arg; 38111337SWilliam.Krier@Sun.COM smb_privinfo_t *pi; 38211337SWilliam.Krier@Sun.COM 38311337SWilliam.Krier@Sun.COM if ((pi = smb_priv_getbyname((char *)param->name.str)) == NULL) { 38411337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivValue)); 38511337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE); 38611337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 38711337SWilliam.Krier@Sun.COM } 38811337SWilliam.Krier@Sun.COM 38911337SWilliam.Krier@Sun.COM param->luid.low_part = pi->id; 39011337SWilliam.Krier@Sun.COM param->luid.high_part = 0; 39111337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 39211337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 39311337SWilliam.Krier@Sun.COM } 39411337SWilliam.Krier@Sun.COM 39511337SWilliam.Krier@Sun.COM /* 39611337SWilliam.Krier@Sun.COM * lsarpc_s_LookupPrivName 39711337SWilliam.Krier@Sun.COM * 39811337SWilliam.Krier@Sun.COM * Server side function used to map a locally unique identifier (LUID) 39911337SWilliam.Krier@Sun.COM * to the appropriate privilege name string. 40011337SWilliam.Krier@Sun.COM */ 40111337SWilliam.Krier@Sun.COM static int 40211337SWilliam.Krier@Sun.COM lsarpc_s_LookupPrivName(void *arg, ndr_xa_t *mxa) 40311337SWilliam.Krier@Sun.COM { 40411337SWilliam.Krier@Sun.COM struct mslsa_LookupPrivName *param = arg; 40511337SWilliam.Krier@Sun.COM smb_privinfo_t *pi; 40611337SWilliam.Krier@Sun.COM int rc; 40711337SWilliam.Krier@Sun.COM 40811337SWilliam.Krier@Sun.COM if ((pi = smb_priv_getbyvalue(param->luid.low_part)) == NULL) { 40911337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivName)); 41011337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE); 41111337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 41211337SWilliam.Krier@Sun.COM } 41311337SWilliam.Krier@Sun.COM 41411337SWilliam.Krier@Sun.COM param->name = NDR_NEW(mxa, mslsa_string_t); 41511337SWilliam.Krier@Sun.COM if (param->name == NULL) { 41611337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivName)); 41711337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 41811337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 41911337SWilliam.Krier@Sun.COM } 42011337SWilliam.Krier@Sun.COM 42111337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, pi->name, (ndr_mstring_t *)param->name); 42211337SWilliam.Krier@Sun.COM if (rc == -1) { 42311337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivName)); 42411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 42511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 42611337SWilliam.Krier@Sun.COM } 42711337SWilliam.Krier@Sun.COM 42811337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 42911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 43011337SWilliam.Krier@Sun.COM } 43111337SWilliam.Krier@Sun.COM 43211337SWilliam.Krier@Sun.COM /* 43311337SWilliam.Krier@Sun.COM * lsarpc_s_LookupPrivDisplayName 43411337SWilliam.Krier@Sun.COM * 43511337SWilliam.Krier@Sun.COM * This is the server side function for handling requests for account 43611337SWilliam.Krier@Sun.COM * privileges. For now just set the status to not-supported status and 43711337SWilliam.Krier@Sun.COM * return NDR_DRC_OK. 43811337SWilliam.Krier@Sun.COM */ 43911337SWilliam.Krier@Sun.COM static int 44011337SWilliam.Krier@Sun.COM lsarpc_s_LookupPrivDisplayName(void *arg, ndr_xa_t *mxa) 44111337SWilliam.Krier@Sun.COM { 44211337SWilliam.Krier@Sun.COM struct mslsa_LookupPrivDisplayName *param = arg; 44311337SWilliam.Krier@Sun.COM smb_privinfo_t *pi; 44411337SWilliam.Krier@Sun.COM int rc; 44511337SWilliam.Krier@Sun.COM 44611337SWilliam.Krier@Sun.COM if ((pi = smb_priv_getbyname((char *)param->name.str)) == NULL) { 44711337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivDisplayName)); 44811337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_SUCH_PRIVILEGE); 44911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 45011337SWilliam.Krier@Sun.COM } 45111337SWilliam.Krier@Sun.COM 45211337SWilliam.Krier@Sun.COM param->display_name = NDR_NEW(mxa, mslsa_string_t); 45311337SWilliam.Krier@Sun.COM if (param->display_name == NULL) { 45411337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivDisplayName)); 45511337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 45611337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 45711337SWilliam.Krier@Sun.COM } 45811337SWilliam.Krier@Sun.COM 45911337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, pi->display_name, 46011337SWilliam.Krier@Sun.COM (ndr_mstring_t *)param->display_name); 46111337SWilliam.Krier@Sun.COM if (rc == -1) { 46211337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupPrivDisplayName)); 46311337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 46411337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 46511337SWilliam.Krier@Sun.COM } 46611337SWilliam.Krier@Sun.COM 46711337SWilliam.Krier@Sun.COM param->language_ret = MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL); 46811337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 46911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 47011337SWilliam.Krier@Sun.COM } 47111337SWilliam.Krier@Sun.COM 47211337SWilliam.Krier@Sun.COM static int 47311337SWilliam.Krier@Sun.COM lsarpc_s_CreateSecret(void *arg, ndr_xa_t *mxa) 47411337SWilliam.Krier@Sun.COM { 47511337SWilliam.Krier@Sun.COM struct mslsa_CreateSecret *param = arg; 47611337SWilliam.Krier@Sun.COM ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle; 47711337SWilliam.Krier@Sun.COM ndr_handle_t *hd; 47811337SWilliam.Krier@Sun.COM 47911337SWilliam.Krier@Sun.COM hd = ndr_hdlookup(mxa, id); 48011337SWilliam.Krier@Sun.COM if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) { 48111337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_OpenAccount)); 48211337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE); 48311337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 48411337SWilliam.Krier@Sun.COM } 48511337SWilliam.Krier@Sun.COM 48611337SWilliam.Krier@Sun.COM bzero(¶m->secret_handle, sizeof (mslsa_handle_t)); 48711337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED); 48811337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 48911337SWilliam.Krier@Sun.COM } 49011337SWilliam.Krier@Sun.COM 49111337SWilliam.Krier@Sun.COM static int 49211337SWilliam.Krier@Sun.COM lsarpc_s_OpenSecret(void *arg, ndr_xa_t *mxa) 49311337SWilliam.Krier@Sun.COM { 49411337SWilliam.Krier@Sun.COM struct mslsa_OpenSecret *param = arg; 49511337SWilliam.Krier@Sun.COM ndr_hdid_t *id = (ndr_hdid_t *)¶m->handle; 49611337SWilliam.Krier@Sun.COM ndr_handle_t *hd; 49711337SWilliam.Krier@Sun.COM 49811337SWilliam.Krier@Sun.COM hd = ndr_hdlookup(mxa, id); 49911337SWilliam.Krier@Sun.COM if ((hd == NULL) || (hd->nh_data != &lsarpc_key_domain)) { 50011337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_OpenAccount)); 50111337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_HANDLE); 50211337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 50311337SWilliam.Krier@Sun.COM } 50411337SWilliam.Krier@Sun.COM 50511337SWilliam.Krier@Sun.COM bzero(¶m->secret_handle, sizeof (mslsa_handle_t)); 50611337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_ACCESS_DENIED); 50711337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 50811337SWilliam.Krier@Sun.COM } 50911337SWilliam.Krier@Sun.COM 51011337SWilliam.Krier@Sun.COM /* 51111337SWilliam.Krier@Sun.COM * lsarpc_s_GetConnectedUser 51211337SWilliam.Krier@Sun.COM * 51311337SWilliam.Krier@Sun.COM * Return the account name and NetBIOS domain name for the user making 51411337SWilliam.Krier@Sun.COM * the request. The hostname field should be ignored by the server. 51511337SWilliam.Krier@Sun.COM */ 51611337SWilliam.Krier@Sun.COM static int 51711337SWilliam.Krier@Sun.COM lsarpc_s_GetConnectedUser(void *arg, ndr_xa_t *mxa) 51811337SWilliam.Krier@Sun.COM { 51911337SWilliam.Krier@Sun.COM struct mslsa_GetConnectedUser *param = arg; 52011337SWilliam.Krier@Sun.COM smb_netuserinfo_t *user = &mxa->pipe->np_user; 52111337SWilliam.Krier@Sun.COM DWORD status = NT_STATUS_SUCCESS; 52211337SWilliam.Krier@Sun.COM smb_domainex_t di; 52311337SWilliam.Krier@Sun.COM int rc1; 52411337SWilliam.Krier@Sun.COM int rc2; 52511337SWilliam.Krier@Sun.COM 52611337SWilliam.Krier@Sun.COM if (!smb_domain_getinfo(&di)) { 52711337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_GetConnectedUser)); 52811337SWilliam.Krier@Sun.COM status = NT_SC_ERROR(NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 52911337SWilliam.Krier@Sun.COM param->status = status; 53011337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 53111337SWilliam.Krier@Sun.COM } 53211337SWilliam.Krier@Sun.COM 53311337SWilliam.Krier@Sun.COM param->owner = NDR_NEW(mxa, struct mslsa_string_desc); 53411337SWilliam.Krier@Sun.COM param->domain = NDR_NEW(mxa, struct mslsa_DomainName); 53511337SWilliam.Krier@Sun.COM if (param->owner == NULL || param->domain == NULL) { 53611337SWilliam.Krier@Sun.COM status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 53711337SWilliam.Krier@Sun.COM param->status = status; 53811337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 53911337SWilliam.Krier@Sun.COM } 54011337SWilliam.Krier@Sun.COM 54111337SWilliam.Krier@Sun.COM param->domain->name = NDR_NEW(mxa, struct mslsa_string_desc); 54211337SWilliam.Krier@Sun.COM if (param->domain->name == NULL) { 54311337SWilliam.Krier@Sun.COM status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 54411337SWilliam.Krier@Sun.COM param->status = status; 54511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 54611337SWilliam.Krier@Sun.COM } 54711337SWilliam.Krier@Sun.COM 54811337SWilliam.Krier@Sun.COM rc1 = NDR_MSTRING(mxa, user->ui_account, 54911337SWilliam.Krier@Sun.COM (ndr_mstring_t *)param->owner); 55011337SWilliam.Krier@Sun.COM rc2 = NDR_MSTRING(mxa, user->ui_domain, 55111337SWilliam.Krier@Sun.COM (ndr_mstring_t *)param->domain->name); 55211337SWilliam.Krier@Sun.COM 55311337SWilliam.Krier@Sun.COM if (rc1 == -1 || rc2 == -1) 55411337SWilliam.Krier@Sun.COM status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 55511337SWilliam.Krier@Sun.COM 55611337SWilliam.Krier@Sun.COM param->status = status; 55711337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 55811337SWilliam.Krier@Sun.COM } 55911337SWilliam.Krier@Sun.COM 56011337SWilliam.Krier@Sun.COM 56111337SWilliam.Krier@Sun.COM /* 56211337SWilliam.Krier@Sun.COM * lsarpc_s_QueryInfoPolicy 56311337SWilliam.Krier@Sun.COM * 56411337SWilliam.Krier@Sun.COM * This is the server side function for handling LSA information policy 56511337SWilliam.Krier@Sun.COM * queries. Currently, we only support primary domain and account 56611337SWilliam.Krier@Sun.COM * domain queries. This is just a front end to switch on the request 56711337SWilliam.Krier@Sun.COM * and hand it off to the appropriate function to actually deal with 56811337SWilliam.Krier@Sun.COM * obtaining and building the response. 56911337SWilliam.Krier@Sun.COM */ 57011337SWilliam.Krier@Sun.COM static int 57111337SWilliam.Krier@Sun.COM lsarpc_s_QueryInfoPolicy(void *arg, ndr_xa_t *mxa) 57211337SWilliam.Krier@Sun.COM { 57311337SWilliam.Krier@Sun.COM struct mslsa_QueryInfoPolicy *param = arg; 57411337SWilliam.Krier@Sun.COM union mslsa_PolicyInfoResUnion *ru = ¶m->ru; 57511337SWilliam.Krier@Sun.COM int security_mode; 57611337SWilliam.Krier@Sun.COM DWORD status; 57711337SWilliam.Krier@Sun.COM 57811337SWilliam.Krier@Sun.COM param->switch_value = param->info_class; 57911337SWilliam.Krier@Sun.COM 58011337SWilliam.Krier@Sun.COM switch (param->info_class) { 58111337SWilliam.Krier@Sun.COM case MSLSA_POLICY_AUDIT_EVENTS_INFO: 58211337SWilliam.Krier@Sun.COM ru->audit_events.enabled = 0; 58311337SWilliam.Krier@Sun.COM ru->audit_events.count = 1; 58411337SWilliam.Krier@Sun.COM ru->audit_events.settings 58511337SWilliam.Krier@Sun.COM = NDR_MALLOC(mxa, sizeof (DWORD)); 58611337SWilliam.Krier@Sun.COM bzero(ru->audit_events.settings, sizeof (DWORD)); 58711337SWilliam.Krier@Sun.COM status = NT_STATUS_SUCCESS; 58811337SWilliam.Krier@Sun.COM break; 58911337SWilliam.Krier@Sun.COM 59011337SWilliam.Krier@Sun.COM case MSLSA_POLICY_PRIMARY_DOMAIN_INFO: 59111337SWilliam.Krier@Sun.COM status = lsarpc_s_PrimaryDomainInfo(&ru->pd_info, mxa); 59211337SWilliam.Krier@Sun.COM break; 59311337SWilliam.Krier@Sun.COM 59411337SWilliam.Krier@Sun.COM case MSLSA_POLICY_ACCOUNT_DOMAIN_INFO: 59511337SWilliam.Krier@Sun.COM status = lsarpc_s_AccountDomainInfo(&ru->ad_info, mxa); 59611337SWilliam.Krier@Sun.COM break; 59711337SWilliam.Krier@Sun.COM 59811337SWilliam.Krier@Sun.COM case MSLSA_POLICY_SERVER_ROLE_INFO: 59911337SWilliam.Krier@Sun.COM security_mode = smb_config_get_secmode(); 60011337SWilliam.Krier@Sun.COM 60111337SWilliam.Krier@Sun.COM if (security_mode == SMB_SECMODE_DOMAIN) 60211337SWilliam.Krier@Sun.COM ru->server_role.role = LSA_ROLE_MEMBER_SERVER; 60311337SWilliam.Krier@Sun.COM else 60411337SWilliam.Krier@Sun.COM ru->server_role.role = LSA_ROLE_STANDALONE_SERVER; 60511337SWilliam.Krier@Sun.COM 60611337SWilliam.Krier@Sun.COM ru->server_role.pad = 0; 60711337SWilliam.Krier@Sun.COM status = NT_STATUS_SUCCESS; 60811337SWilliam.Krier@Sun.COM break; 60911337SWilliam.Krier@Sun.COM 61011337SWilliam.Krier@Sun.COM default: 61111337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_QueryInfoPolicy)); 61211337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_INFO_CLASS); 61311337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 61411337SWilliam.Krier@Sun.COM } 61511337SWilliam.Krier@Sun.COM 61611337SWilliam.Krier@Sun.COM if (status != NT_STATUS_SUCCESS) 61711337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(status); 61811337SWilliam.Krier@Sun.COM else 61911337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 62011337SWilliam.Krier@Sun.COM param->address = (DWORD)(uintptr_t)ru; 62111337SWilliam.Krier@Sun.COM 62211337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 62311337SWilliam.Krier@Sun.COM } 62411337SWilliam.Krier@Sun.COM 62511337SWilliam.Krier@Sun.COM 62611337SWilliam.Krier@Sun.COM /* 62711337SWilliam.Krier@Sun.COM * lsarpc_s_PrimaryDomainInfo 62811337SWilliam.Krier@Sun.COM * 62911337SWilliam.Krier@Sun.COM * Service primary domain policy queries. In domain mode, return the 63011337SWilliam.Krier@Sun.COM * primary domain name and SID. In workgroup mode, return the local 63111337SWilliam.Krier@Sun.COM * hostname and local domain SID. 63211337SWilliam.Krier@Sun.COM * 63311337SWilliam.Krier@Sun.COM * Note: info is zeroed on entry to ensure the SID and name do not 63411337SWilliam.Krier@Sun.COM * contain spurious values if an error is returned. 63511337SWilliam.Krier@Sun.COM */ 63611337SWilliam.Krier@Sun.COM static DWORD 63711337SWilliam.Krier@Sun.COM lsarpc_s_PrimaryDomainInfo(struct mslsa_PrimaryDomainInfo *info, 63811337SWilliam.Krier@Sun.COM ndr_xa_t *mxa) 63911337SWilliam.Krier@Sun.COM { 64011337SWilliam.Krier@Sun.COM smb_domain_t di; 64111337SWilliam.Krier@Sun.COM boolean_t found; 64211337SWilliam.Krier@Sun.COM int rc; 64311337SWilliam.Krier@Sun.COM 64411337SWilliam.Krier@Sun.COM bzero(info, sizeof (struct mslsa_PrimaryDomainInfo)); 64511337SWilliam.Krier@Sun.COM 64611337SWilliam.Krier@Sun.COM if (smb_config_get_secmode() != SMB_SECMODE_DOMAIN) 64711337SWilliam.Krier@Sun.COM found = smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &di); 64811337SWilliam.Krier@Sun.COM else 64911337SWilliam.Krier@Sun.COM found = smb_domain_lookup_type(SMB_DOMAIN_PRIMARY, &di); 65011337SWilliam.Krier@Sun.COM 65111337SWilliam.Krier@Sun.COM if (!found) 65211337SWilliam.Krier@Sun.COM return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 65311337SWilliam.Krier@Sun.COM 65411337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, di.di_nbname, (ndr_mstring_t *)&info->name); 65511337SWilliam.Krier@Sun.COM info->sid = (struct mslsa_sid *)NDR_SIDDUP(mxa, di.di_binsid); 65611337SWilliam.Krier@Sun.COM 65711337SWilliam.Krier@Sun.COM if ((rc == -1) || (info->sid == NULL)) 65811337SWilliam.Krier@Sun.COM return (NT_STATUS_NO_MEMORY); 65911337SWilliam.Krier@Sun.COM 66011337SWilliam.Krier@Sun.COM return (NT_STATUS_SUCCESS); 66111337SWilliam.Krier@Sun.COM } 66211337SWilliam.Krier@Sun.COM 66311337SWilliam.Krier@Sun.COM 66411337SWilliam.Krier@Sun.COM /* 66511337SWilliam.Krier@Sun.COM * lsarpc_s_AccountDomainInfo 66611337SWilliam.Krier@Sun.COM * 66711337SWilliam.Krier@Sun.COM * Service account domain policy queries. We return our local domain 66811337SWilliam.Krier@Sun.COM * information so that the client knows who to query for information 66911337SWilliam.Krier@Sun.COM * on local names and SIDs. The domain name is the local hostname. 67011337SWilliam.Krier@Sun.COM * 67111337SWilliam.Krier@Sun.COM * Note: info is zeroed on entry to ensure the SID and name do not 67211337SWilliam.Krier@Sun.COM * contain spurious values if an error is returned. 67311337SWilliam.Krier@Sun.COM */ 67411337SWilliam.Krier@Sun.COM static DWORD 67511337SWilliam.Krier@Sun.COM lsarpc_s_AccountDomainInfo(struct mslsa_AccountDomainInfo *info, 67611337SWilliam.Krier@Sun.COM ndr_xa_t *mxa) 67711337SWilliam.Krier@Sun.COM { 67811337SWilliam.Krier@Sun.COM smb_domain_t di; 67911337SWilliam.Krier@Sun.COM int rc; 68011337SWilliam.Krier@Sun.COM 68111337SWilliam.Krier@Sun.COM bzero(info, sizeof (struct mslsa_AccountDomainInfo)); 68211337SWilliam.Krier@Sun.COM 68311337SWilliam.Krier@Sun.COM if (!smb_domain_lookup_type(SMB_DOMAIN_LOCAL, &di)) 68411337SWilliam.Krier@Sun.COM return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 68511337SWilliam.Krier@Sun.COM 68611337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, di.di_nbname, (ndr_mstring_t *)&info->name); 68711337SWilliam.Krier@Sun.COM info->sid = (struct mslsa_sid *)NDR_SIDDUP(mxa, di.di_binsid); 68811337SWilliam.Krier@Sun.COM 68911337SWilliam.Krier@Sun.COM if ((rc == -1) || (info->sid == NULL)) 69011337SWilliam.Krier@Sun.COM return (NT_STATUS_NO_MEMORY); 69111337SWilliam.Krier@Sun.COM 69211337SWilliam.Krier@Sun.COM return (NT_STATUS_SUCCESS); 69311337SWilliam.Krier@Sun.COM } 69411337SWilliam.Krier@Sun.COM 69511337SWilliam.Krier@Sun.COM /* 69611337SWilliam.Krier@Sun.COM * lsarpc_s_LookupNames 69711337SWilliam.Krier@Sun.COM * 69811337SWilliam.Krier@Sun.COM * This is the service side function for handling name lookup requests. 69911337SWilliam.Krier@Sun.COM * Currently, we only support lookups of a single name. This is also a 70011337SWilliam.Krier@Sun.COM * pass through interface so all we do is act as a proxy between the 70111337SWilliam.Krier@Sun.COM * client and the DC. 70211337SWilliam.Krier@Sun.COM */ 70311337SWilliam.Krier@Sun.COM static int 70411337SWilliam.Krier@Sun.COM lsarpc_s_LookupNames(void *arg, ndr_xa_t *mxa) 70511337SWilliam.Krier@Sun.COM { 70611337SWilliam.Krier@Sun.COM struct mslsa_LookupNames *param = arg; 70711337SWilliam.Krier@Sun.COM struct mslsa_rid_entry *rids; 70811337SWilliam.Krier@Sun.COM struct mslsa_domain_table *domain_table; 70911337SWilliam.Krier@Sun.COM struct mslsa_domain_entry *domain_entry; 71011337SWilliam.Krier@Sun.COM smb_account_t account; 71111337SWilliam.Krier@Sun.COM uint32_t status; 71211337SWilliam.Krier@Sun.COM char *accname; 71311337SWilliam.Krier@Sun.COM int rc = 0; 71411337SWilliam.Krier@Sun.COM 71511337SWilliam.Krier@Sun.COM if (param->name_table->n_entry != 1) 71611337SWilliam.Krier@Sun.COM return (NDR_DRC_FAULT_PARAM_0_UNIMPLEMENTED); 71711337SWilliam.Krier@Sun.COM 71811337SWilliam.Krier@Sun.COM rids = NDR_NEW(mxa, struct mslsa_rid_entry); 71911337SWilliam.Krier@Sun.COM domain_table = NDR_NEW(mxa, struct mslsa_domain_table); 72011337SWilliam.Krier@Sun.COM domain_entry = NDR_NEW(mxa, struct mslsa_domain_entry); 72111337SWilliam.Krier@Sun.COM 72211337SWilliam.Krier@Sun.COM if (rids == NULL || domain_table == NULL || domain_entry == NULL) { 72311337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupNames)); 72411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 72511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 72611337SWilliam.Krier@Sun.COM } 72711337SWilliam.Krier@Sun.COM 72811337SWilliam.Krier@Sun.COM accname = (char *)param->name_table->names->str; 72911337SWilliam.Krier@Sun.COM status = lsa_lookup_name(accname, SidTypeUnknown, &account); 73011337SWilliam.Krier@Sun.COM if (status != NT_STATUS_SUCCESS) { 73111337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupNames)); 73211337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(status); 73311337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 73411337SWilliam.Krier@Sun.COM } 73511337SWilliam.Krier@Sun.COM 73611337SWilliam.Krier@Sun.COM /* 73711337SWilliam.Krier@Sun.COM * Set up the rid table. 73811337SWilliam.Krier@Sun.COM */ 73911337SWilliam.Krier@Sun.COM rids[0].sid_name_use = account.a_type; 74011337SWilliam.Krier@Sun.COM rids[0].rid = account.a_rid; 74111337SWilliam.Krier@Sun.COM rids[0].domain_index = 0; 74211337SWilliam.Krier@Sun.COM param->translated_sids.n_entry = 1; 74311337SWilliam.Krier@Sun.COM param->translated_sids.rids = rids; 74411337SWilliam.Krier@Sun.COM 74511337SWilliam.Krier@Sun.COM /* 74611337SWilliam.Krier@Sun.COM * Set up the domain table. 74711337SWilliam.Krier@Sun.COM */ 74811337SWilliam.Krier@Sun.COM domain_table->entries = domain_entry; 74911337SWilliam.Krier@Sun.COM domain_table->n_entry = 1; 75011337SWilliam.Krier@Sun.COM domain_table->max_n_entry = MLSVC_DOMAIN_MAX; 75111337SWilliam.Krier@Sun.COM 75211337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, account.a_domain, 75311337SWilliam.Krier@Sun.COM (ndr_mstring_t *)&domain_entry->domain_name); 75411337SWilliam.Krier@Sun.COM domain_entry->domain_sid = 75511337SWilliam.Krier@Sun.COM (struct mslsa_sid *)NDR_SIDDUP(mxa, account.a_domsid); 75611337SWilliam.Krier@Sun.COM 75711337SWilliam.Krier@Sun.COM if (rc == -1 || domain_entry->domain_sid == NULL) { 75811337SWilliam.Krier@Sun.COM smb_account_free(&account); 75911337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupNames)); 76011337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 76111337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 76211337SWilliam.Krier@Sun.COM } 76311337SWilliam.Krier@Sun.COM 76411337SWilliam.Krier@Sun.COM param->domain_table = domain_table; 76511337SWilliam.Krier@Sun.COM param->mapped_count = 1; 76611337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 76711337SWilliam.Krier@Sun.COM 76811337SWilliam.Krier@Sun.COM smb_account_free(&account); 76911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 77011337SWilliam.Krier@Sun.COM } 77111337SWilliam.Krier@Sun.COM 77211337SWilliam.Krier@Sun.COM /* 77311337SWilliam.Krier@Sun.COM * lsarpc_s_LookupSids 77411337SWilliam.Krier@Sun.COM * 77511337SWilliam.Krier@Sun.COM * This is the service side function for handling sid lookup requests. 77611337SWilliam.Krier@Sun.COM * We have to set up both the name table and the domain table in the 77711337SWilliam.Krier@Sun.COM * response. For each SID, we check for UNIX domain (local lookup) or 77811337SWilliam.Krier@Sun.COM * NT domain (DC lookup) and call the appropriate lookup function. This 77911337SWilliam.Krier@Sun.COM * should resolve the SID to a name. Then we need to update the domain 78011337SWilliam.Krier@Sun.COM * table and make the name entry point at the appropriate domain table 78111337SWilliam.Krier@Sun.COM * entry. 78211337SWilliam.Krier@Sun.COM * 78311337SWilliam.Krier@Sun.COM * 78411337SWilliam.Krier@Sun.COM * This RPC should behave as if LookupOptions is LSA_LOOKUP_OPT_ALL and 78511337SWilliam.Krier@Sun.COM * ClientRevision is LSA_CLIENT_REVISION_NT. 78611337SWilliam.Krier@Sun.COM * 78711337SWilliam.Krier@Sun.COM * On success return 0. Otherwise return an RPC specific error code. 78811337SWilliam.Krier@Sun.COM */ 78911337SWilliam.Krier@Sun.COM static int 79011337SWilliam.Krier@Sun.COM lsarpc_s_LookupSids(void *arg, ndr_xa_t *mxa) 79111337SWilliam.Krier@Sun.COM { 79211337SWilliam.Krier@Sun.COM struct mslsa_LookupSids *param = arg; 79311337SWilliam.Krier@Sun.COM struct mslsa_domain_table *domain_table; 79411337SWilliam.Krier@Sun.COM struct mslsa_domain_entry *domain_entry; 79511337SWilliam.Krier@Sun.COM struct mslsa_name_entry *names; 79611337SWilliam.Krier@Sun.COM struct mslsa_name_entry *name; 79711337SWilliam.Krier@Sun.COM smb_account_t account; 79811337SWilliam.Krier@Sun.COM smb_sid_t *sid; 79911337SWilliam.Krier@Sun.COM DWORD n_entry; 80011337SWilliam.Krier@Sun.COM int result; 80111337SWilliam.Krier@Sun.COM int i; 80211337SWilliam.Krier@Sun.COM 80311337SWilliam.Krier@Sun.COM n_entry = param->lup_sid_table.n_entry; 80411337SWilliam.Krier@Sun.COM names = NDR_NEWN(mxa, struct mslsa_name_entry, n_entry); 80511337SWilliam.Krier@Sun.COM domain_table = NDR_NEW(mxa, struct mslsa_domain_table); 80611337SWilliam.Krier@Sun.COM domain_entry = NDR_NEWN(mxa, struct mslsa_domain_entry, 80711337SWilliam.Krier@Sun.COM MLSVC_DOMAIN_MAX); 80811337SWilliam.Krier@Sun.COM 80911337SWilliam.Krier@Sun.COM if (names == NULL || domain_table == NULL || domain_entry == NULL) { 81011337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct mslsa_LookupSids)); 81111337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 81211337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 81311337SWilliam.Krier@Sun.COM } 81411337SWilliam.Krier@Sun.COM 81511337SWilliam.Krier@Sun.COM domain_table->entries = domain_entry; 81611337SWilliam.Krier@Sun.COM domain_table->n_entry = 0; 81711337SWilliam.Krier@Sun.COM domain_table->max_n_entry = MLSVC_DOMAIN_MAX; 81811337SWilliam.Krier@Sun.COM 81911337SWilliam.Krier@Sun.COM name = names; 82011337SWilliam.Krier@Sun.COM for (i = 0; i < n_entry; ++i, name++) { 82111337SWilliam.Krier@Sun.COM bzero(&names[i], sizeof (struct mslsa_name_entry)); 82211337SWilliam.Krier@Sun.COM sid = (smb_sid_t *)param->lup_sid_table.entries[i].psid; 82311337SWilliam.Krier@Sun.COM 82411337SWilliam.Krier@Sun.COM result = lsa_lookup_sid(sid, &account); 82511337SWilliam.Krier@Sun.COM if (result != NT_STATUS_SUCCESS) 82611337SWilliam.Krier@Sun.COM goto lookup_sid_failed; 82711337SWilliam.Krier@Sun.COM 82811337SWilliam.Krier@Sun.COM if (*account.a_name != '\0') { 82911337SWilliam.Krier@Sun.COM if (NDR_MSTRING(mxa, account.a_name, 83011337SWilliam.Krier@Sun.COM (ndr_mstring_t *)&name->name) == -1) { 83111337SWilliam.Krier@Sun.COM result = NT_STATUS_NO_MEMORY; 83211337SWilliam.Krier@Sun.COM goto lookup_sid_failed; 83311337SWilliam.Krier@Sun.COM } 83411337SWilliam.Krier@Sun.COM } 83511337SWilliam.Krier@Sun.COM name->sid_name_use = account.a_type; 83611337SWilliam.Krier@Sun.COM 83711337SWilliam.Krier@Sun.COM result = lsarpc_s_UpdateDomainTable(mxa, &account, 83811337SWilliam.Krier@Sun.COM domain_table, &name->domain_ix); 83911337SWilliam.Krier@Sun.COM 84011337SWilliam.Krier@Sun.COM if (result == -1) { 84111337SWilliam.Krier@Sun.COM result = NT_STATUS_INTERNAL_ERROR; 84211337SWilliam.Krier@Sun.COM goto lookup_sid_failed; 84311337SWilliam.Krier@Sun.COM } 84411337SWilliam.Krier@Sun.COM 84511337SWilliam.Krier@Sun.COM smb_account_free(&account); 84611337SWilliam.Krier@Sun.COM } 84711337SWilliam.Krier@Sun.COM 84811337SWilliam.Krier@Sun.COM param->domain_table = domain_table; 84911337SWilliam.Krier@Sun.COM param->name_table.n_entry = n_entry; 85011337SWilliam.Krier@Sun.COM param->name_table.entries = names; 85111337SWilliam.Krier@Sun.COM param->mapped_count = n_entry; 85211337SWilliam.Krier@Sun.COM param->status = 0; 85311337SWilliam.Krier@Sun.COM 85411337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 85511337SWilliam.Krier@Sun.COM 85611337SWilliam.Krier@Sun.COM lookup_sid_failed: 85711337SWilliam.Krier@Sun.COM param->domain_table = 0; 85811337SWilliam.Krier@Sun.COM param->name_table.n_entry = 0; 85911337SWilliam.Krier@Sun.COM param->name_table.entries = 0; 86011337SWilliam.Krier@Sun.COM param->mapped_count = 0; 86111337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(result); 86211337SWilliam.Krier@Sun.COM 86311337SWilliam.Krier@Sun.COM smb_account_free(&account); 86411337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 86511337SWilliam.Krier@Sun.COM } 86611337SWilliam.Krier@Sun.COM 86711337SWilliam.Krier@Sun.COM /* 86811337SWilliam.Krier@Sun.COM * lsarpc_s_UpdateDomainTable 86911337SWilliam.Krier@Sun.COM * 87011337SWilliam.Krier@Sun.COM * This routine is responsible for maintaining the domain table which 87111337SWilliam.Krier@Sun.COM * will be returned from a SID lookup. Whenever a name is added to the 87211337SWilliam.Krier@Sun.COM * name table, this function should be called with the corresponding 87311337SWilliam.Krier@Sun.COM * domain name. If the domain information is not already in the table, 87411337SWilliam.Krier@Sun.COM * it is added. On success return 0; Otherwise -1 is returned. 87511337SWilliam.Krier@Sun.COM */ 87611337SWilliam.Krier@Sun.COM static int 87711337SWilliam.Krier@Sun.COM lsarpc_s_UpdateDomainTable(ndr_xa_t *mxa, 87811337SWilliam.Krier@Sun.COM smb_account_t *account, struct mslsa_domain_table *domain_table, 87911337SWilliam.Krier@Sun.COM DWORD *domain_idx) 88011337SWilliam.Krier@Sun.COM { 88111337SWilliam.Krier@Sun.COM struct mslsa_domain_entry *dentry; 88211337SWilliam.Krier@Sun.COM DWORD n_entry; 88311337SWilliam.Krier@Sun.COM DWORD i; 88411337SWilliam.Krier@Sun.COM int rc; 88511337SWilliam.Krier@Sun.COM 88611337SWilliam.Krier@Sun.COM if (account->a_type == SidTypeUnknown || 88711337SWilliam.Krier@Sun.COM account->a_type == SidTypeInvalid) { 88811337SWilliam.Krier@Sun.COM /* 88911337SWilliam.Krier@Sun.COM * These types don't need to reference an entry in the 89011337SWilliam.Krier@Sun.COM * domain table. So return -1. 89111337SWilliam.Krier@Sun.COM */ 89211337SWilliam.Krier@Sun.COM *domain_idx = (DWORD)-1; 89311337SWilliam.Krier@Sun.COM return (0); 89411337SWilliam.Krier@Sun.COM } 89511337SWilliam.Krier@Sun.COM 89611337SWilliam.Krier@Sun.COM if ((dentry = domain_table->entries) == NULL) 89711337SWilliam.Krier@Sun.COM return (-1); 89811337SWilliam.Krier@Sun.COM 89911337SWilliam.Krier@Sun.COM if ((n_entry = domain_table->n_entry) >= MLSVC_DOMAIN_MAX) 90011337SWilliam.Krier@Sun.COM return (-1); 90111337SWilliam.Krier@Sun.COM 90211337SWilliam.Krier@Sun.COM for (i = 0; i < n_entry; ++i) { 90311337SWilliam.Krier@Sun.COM if (smb_sid_cmp((smb_sid_t *)dentry[i].domain_sid, 90411337SWilliam.Krier@Sun.COM account->a_domsid)) { 90511337SWilliam.Krier@Sun.COM *domain_idx = i; 90611337SWilliam.Krier@Sun.COM return (0); 90711337SWilliam.Krier@Sun.COM } 90811337SWilliam.Krier@Sun.COM } 90911337SWilliam.Krier@Sun.COM 91011337SWilliam.Krier@Sun.COM if (i == MLSVC_DOMAIN_MAX) 91111337SWilliam.Krier@Sun.COM return (-1); 91211337SWilliam.Krier@Sun.COM 91311337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, account->a_domain, 91411337SWilliam.Krier@Sun.COM (ndr_mstring_t *)&dentry[i].domain_name); 91511337SWilliam.Krier@Sun.COM dentry[i].domain_sid = 91611337SWilliam.Krier@Sun.COM (struct mslsa_sid *)NDR_SIDDUP(mxa, account->a_domsid); 91711337SWilliam.Krier@Sun.COM 91811337SWilliam.Krier@Sun.COM if (rc == -1 || dentry[i].domain_sid == NULL) 91911337SWilliam.Krier@Sun.COM return (-1); 92011337SWilliam.Krier@Sun.COM 92111337SWilliam.Krier@Sun.COM ++domain_table->n_entry; 92211337SWilliam.Krier@Sun.COM *domain_idx = i; 92311337SWilliam.Krier@Sun.COM return (0); 92411337SWilliam.Krier@Sun.COM } 92511337SWilliam.Krier@Sun.COM 92611337SWilliam.Krier@Sun.COM /* 92711337SWilliam.Krier@Sun.COM * lsarpc_s_LookupSids2 92811337SWilliam.Krier@Sun.COM * 92911337SWilliam.Krier@Sun.COM * Other than the use of lsar_lookup_sids2 and lsar_name_entry2, this 93011337SWilliam.Krier@Sun.COM * is identical to lsarpc_s_LookupSids. 93111337SWilliam.Krier@Sun.COM * 93211337SWilliam.Krier@Sun.COM * Ignore lookup_level, it is reserved and should be zero. 93311337SWilliam.Krier@Sun.COM */ 93411337SWilliam.Krier@Sun.COM static int 93511337SWilliam.Krier@Sun.COM lsarpc_s_LookupSids2(void *arg, ndr_xa_t *mxa) 93611337SWilliam.Krier@Sun.COM { 93711337SWilliam.Krier@Sun.COM struct lsar_lookup_sids2 *param = arg; 93811337SWilliam.Krier@Sun.COM struct lsar_name_entry2 *names; 93911337SWilliam.Krier@Sun.COM struct lsar_name_entry2 *name; 94011337SWilliam.Krier@Sun.COM struct mslsa_domain_table *domain_table; 94111337SWilliam.Krier@Sun.COM struct mslsa_domain_entry *domain_entry; 94211337SWilliam.Krier@Sun.COM smb_account_t account; 94311337SWilliam.Krier@Sun.COM smb_sid_t *sid; 94411337SWilliam.Krier@Sun.COM DWORD n_entry; 94511337SWilliam.Krier@Sun.COM int result; 94611337SWilliam.Krier@Sun.COM int i; 94711337SWilliam.Krier@Sun.COM 94811337SWilliam.Krier@Sun.COM n_entry = param->lup_sid_table.n_entry; 94911337SWilliam.Krier@Sun.COM names = NDR_NEWN(mxa, struct lsar_name_entry2, n_entry); 95011337SWilliam.Krier@Sun.COM domain_table = NDR_NEW(mxa, struct mslsa_domain_table); 95111337SWilliam.Krier@Sun.COM domain_entry = NDR_NEWN(mxa, struct mslsa_domain_entry, 95211337SWilliam.Krier@Sun.COM MLSVC_DOMAIN_MAX); 95311337SWilliam.Krier@Sun.COM 95411337SWilliam.Krier@Sun.COM if (names == NULL || domain_table == NULL || domain_entry == NULL) { 95511337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_lookup_sids2)); 95611337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 95711337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 95811337SWilliam.Krier@Sun.COM } 95911337SWilliam.Krier@Sun.COM 96011337SWilliam.Krier@Sun.COM domain_table->entries = domain_entry; 96111337SWilliam.Krier@Sun.COM domain_table->n_entry = 0; 96211337SWilliam.Krier@Sun.COM domain_table->max_n_entry = MLSVC_DOMAIN_MAX; 96311337SWilliam.Krier@Sun.COM 96411337SWilliam.Krier@Sun.COM name = names; 96511337SWilliam.Krier@Sun.COM for (i = 0; i < n_entry; ++i, name++) { 96611337SWilliam.Krier@Sun.COM bzero(name, sizeof (struct lsar_name_entry2)); 96711337SWilliam.Krier@Sun.COM sid = (smb_sid_t *)param->lup_sid_table.entries[i].psid; 96811337SWilliam.Krier@Sun.COM 96911337SWilliam.Krier@Sun.COM result = lsa_lookup_sid(sid, &account); 97011337SWilliam.Krier@Sun.COM if (result != NT_STATUS_SUCCESS) 97111337SWilliam.Krier@Sun.COM goto lookup_sid_failed; 97211337SWilliam.Krier@Sun.COM 97311337SWilliam.Krier@Sun.COM if (*account.a_name != '\0') { 97411337SWilliam.Krier@Sun.COM if (NDR_MSTRING(mxa, account.a_name, 97511337SWilliam.Krier@Sun.COM (ndr_mstring_t *)&name->name) == -1) { 97611337SWilliam.Krier@Sun.COM result = NT_STATUS_NO_MEMORY; 97711337SWilliam.Krier@Sun.COM goto lookup_sid_failed; 97811337SWilliam.Krier@Sun.COM } 97911337SWilliam.Krier@Sun.COM } 98011337SWilliam.Krier@Sun.COM name->sid_name_use = account.a_type; 98111337SWilliam.Krier@Sun.COM 98211337SWilliam.Krier@Sun.COM result = lsarpc_s_UpdateDomainTable(mxa, &account, 98311337SWilliam.Krier@Sun.COM domain_table, &name->domain_ix); 98411337SWilliam.Krier@Sun.COM 98511337SWilliam.Krier@Sun.COM if (result == -1) { 98611337SWilliam.Krier@Sun.COM result = NT_STATUS_INTERNAL_ERROR; 98711337SWilliam.Krier@Sun.COM goto lookup_sid_failed; 98811337SWilliam.Krier@Sun.COM } 98911337SWilliam.Krier@Sun.COM 99011337SWilliam.Krier@Sun.COM smb_account_free(&account); 99111337SWilliam.Krier@Sun.COM } 99211337SWilliam.Krier@Sun.COM 99311337SWilliam.Krier@Sun.COM param->domain_table = domain_table; 99411337SWilliam.Krier@Sun.COM param->name_table.n_entry = n_entry; 99511337SWilliam.Krier@Sun.COM param->name_table.entries = names; 99611337SWilliam.Krier@Sun.COM param->mapped_count = n_entry; 99711337SWilliam.Krier@Sun.COM param->status = 0; 99811337SWilliam.Krier@Sun.COM 99911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 100011337SWilliam.Krier@Sun.COM 100111337SWilliam.Krier@Sun.COM lookup_sid_failed: 100211337SWilliam.Krier@Sun.COM param->domain_table = 0; 100311337SWilliam.Krier@Sun.COM param->name_table.n_entry = 0; 100411337SWilliam.Krier@Sun.COM param->name_table.entries = 0; 100511337SWilliam.Krier@Sun.COM param->mapped_count = 0; 100611337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(result); 100711337SWilliam.Krier@Sun.COM 100811337SWilliam.Krier@Sun.COM smb_account_free(&account); 100911337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 101011337SWilliam.Krier@Sun.COM } 101111337SWilliam.Krier@Sun.COM 101211337SWilliam.Krier@Sun.COM /* 101311337SWilliam.Krier@Sun.COM * LookupSids3 is only valid on domain controllers. 101411337SWilliam.Krier@Sun.COM * Other servers must return NT_STATUS_INVALID_SERVER_STATE. 101511337SWilliam.Krier@Sun.COM */ 101611337SWilliam.Krier@Sun.COM /*ARGSUSED*/ 101711337SWilliam.Krier@Sun.COM static int 101811337SWilliam.Krier@Sun.COM lsarpc_s_LookupSids3(void *arg, ndr_xa_t *mxa) 101911337SWilliam.Krier@Sun.COM { 102011337SWilliam.Krier@Sun.COM struct lsar_lookup_sids3 *param = arg; 102111337SWilliam.Krier@Sun.COM 102211337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_lookup_sids3)); 102311337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_SERVER_STATE); 102411337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 102511337SWilliam.Krier@Sun.COM } 102611337SWilliam.Krier@Sun.COM 102711337SWilliam.Krier@Sun.COM /* 102811337SWilliam.Krier@Sun.COM * lsarpc_s_LookupNames2 102911337SWilliam.Krier@Sun.COM * 103011337SWilliam.Krier@Sun.COM * Other than the use of lsar_LookupNames2 and lsar_rid_entry2, this 103111337SWilliam.Krier@Sun.COM * is identical to lsarpc_s_LookupNames. 103211337SWilliam.Krier@Sun.COM * 103311337SWilliam.Krier@Sun.COM * If LookupOptions contains LSA_LOOKUP_OPT_LOCAL and LookupLevel is not 103411337SWilliam.Krier@Sun.COM * LSA_LOOKUP_WKSTA, return STATUS_INVALID_PARAMETER. 103511337SWilliam.Krier@Sun.COM */ 103611337SWilliam.Krier@Sun.COM static int 103711337SWilliam.Krier@Sun.COM lsarpc_s_LookupNames2(void *arg, ndr_xa_t *mxa) 103811337SWilliam.Krier@Sun.COM { 103911337SWilliam.Krier@Sun.COM struct lsar_LookupNames2 *param = arg; 104011337SWilliam.Krier@Sun.COM struct lsar_rid_entry2 *rids; 104111337SWilliam.Krier@Sun.COM struct mslsa_domain_table *domain_table; 104211337SWilliam.Krier@Sun.COM struct mslsa_domain_entry *domain_entry; 104311337SWilliam.Krier@Sun.COM smb_account_t account; 104411337SWilliam.Krier@Sun.COM uint32_t status; 104511337SWilliam.Krier@Sun.COM char *accname; 104611337SWilliam.Krier@Sun.COM int rc = 0; 104711337SWilliam.Krier@Sun.COM 104811337SWilliam.Krier@Sun.COM if (param->name_table->n_entry != 1) 104911337SWilliam.Krier@Sun.COM return (NDR_DRC_FAULT_PARAM_0_UNIMPLEMENTED); 105011337SWilliam.Krier@Sun.COM 105111337SWilliam.Krier@Sun.COM if ((param->lookup_options & LSA_LOOKUP_OPT_LOCAL) && 105211337SWilliam.Krier@Sun.COM param->lookup_level != LSA_LOOKUP_WKSTA) { 105311337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames2)); 105411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_PARAMETER); 105511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 105611337SWilliam.Krier@Sun.COM } 105711337SWilliam.Krier@Sun.COM 105811337SWilliam.Krier@Sun.COM rids = NDR_NEW(mxa, struct lsar_rid_entry2); 105911337SWilliam.Krier@Sun.COM domain_table = NDR_NEW(mxa, struct mslsa_domain_table); 106011337SWilliam.Krier@Sun.COM domain_entry = NDR_NEW(mxa, struct mslsa_domain_entry); 106111337SWilliam.Krier@Sun.COM 106211337SWilliam.Krier@Sun.COM if (rids == NULL || domain_table == NULL || domain_entry == NULL) { 106311337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames2)); 106411337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 106511337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 106611337SWilliam.Krier@Sun.COM } 106711337SWilliam.Krier@Sun.COM 106811337SWilliam.Krier@Sun.COM accname = (char *)param->name_table->names->str; 106911337SWilliam.Krier@Sun.COM status = lsa_lookup_name(accname, SidTypeUnknown, &account); 107011337SWilliam.Krier@Sun.COM if (status != NT_STATUS_SUCCESS) { 107111337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames2)); 107211337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(status); 107311337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 107411337SWilliam.Krier@Sun.COM } 107511337SWilliam.Krier@Sun.COM 107611337SWilliam.Krier@Sun.COM /* 107711337SWilliam.Krier@Sun.COM * Set up the rid table. 107811337SWilliam.Krier@Sun.COM */ 107911337SWilliam.Krier@Sun.COM bzero(rids, sizeof (struct lsar_rid_entry2)); 108011337SWilliam.Krier@Sun.COM rids[0].sid_name_use = account.a_type; 108111337SWilliam.Krier@Sun.COM rids[0].rid = account.a_rid; 108211337SWilliam.Krier@Sun.COM rids[0].domain_index = 0; 108311337SWilliam.Krier@Sun.COM param->translated_sids.n_entry = 1; 108411337SWilliam.Krier@Sun.COM param->translated_sids.rids = rids; 108511337SWilliam.Krier@Sun.COM 108611337SWilliam.Krier@Sun.COM /* 108711337SWilliam.Krier@Sun.COM * Set up the domain table. 108811337SWilliam.Krier@Sun.COM */ 108911337SWilliam.Krier@Sun.COM domain_table->entries = domain_entry; 109011337SWilliam.Krier@Sun.COM domain_table->n_entry = 1; 109111337SWilliam.Krier@Sun.COM domain_table->max_n_entry = MLSVC_DOMAIN_MAX; 109211337SWilliam.Krier@Sun.COM 109311337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, account.a_domain, 109411337SWilliam.Krier@Sun.COM (ndr_mstring_t *)&domain_entry->domain_name); 109511337SWilliam.Krier@Sun.COM 109611337SWilliam.Krier@Sun.COM domain_entry->domain_sid = 109711337SWilliam.Krier@Sun.COM (struct mslsa_sid *)NDR_SIDDUP(mxa, account.a_domsid); 109811337SWilliam.Krier@Sun.COM 109911337SWilliam.Krier@Sun.COM if (rc == -1 || domain_entry->domain_sid == NULL) { 110011337SWilliam.Krier@Sun.COM smb_account_free(&account); 110111337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames2)); 110211337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 110311337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 110411337SWilliam.Krier@Sun.COM } 110511337SWilliam.Krier@Sun.COM 110611337SWilliam.Krier@Sun.COM param->domain_table = domain_table; 110711337SWilliam.Krier@Sun.COM param->mapped_count = 1; 110811337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 110911337SWilliam.Krier@Sun.COM 111011337SWilliam.Krier@Sun.COM smb_account_free(&account); 111111337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 111211337SWilliam.Krier@Sun.COM } 111311337SWilliam.Krier@Sun.COM 111411337SWilliam.Krier@Sun.COM /* 111511337SWilliam.Krier@Sun.COM * Other than the use of lsar_LookupNames2 and lsar_rid_entry2, this 111611337SWilliam.Krier@Sun.COM * is identical to lsarpc_s_LookupNames. 111711337SWilliam.Krier@Sun.COM * 111811337SWilliam.Krier@Sun.COM * If LookupOptions contains LSA_LOOKUP_OPT_LOCAL and LookupLevel is not 111911337SWilliam.Krier@Sun.COM * LSA_LOOKUP_WKSTA, return STATUS_INVALID_PARAMETER. 112011337SWilliam.Krier@Sun.COM */ 112111337SWilliam.Krier@Sun.COM static int 112211337SWilliam.Krier@Sun.COM lsarpc_s_LookupNames3(void *arg, ndr_xa_t *mxa) 112311337SWilliam.Krier@Sun.COM { 112411337SWilliam.Krier@Sun.COM struct lsar_LookupNames3 *param = arg; 112511337SWilliam.Krier@Sun.COM struct lsar_translated_sid_ex2 *sids; 112611337SWilliam.Krier@Sun.COM struct mslsa_domain_table *domain_table; 112711337SWilliam.Krier@Sun.COM struct mslsa_domain_entry *domain_entry; 112811337SWilliam.Krier@Sun.COM smb_account_t account; 112911337SWilliam.Krier@Sun.COM uint32_t status; 113011337SWilliam.Krier@Sun.COM char *accname; 113111337SWilliam.Krier@Sun.COM int rc = 0; 113211337SWilliam.Krier@Sun.COM 113311337SWilliam.Krier@Sun.COM if (param->name_table->n_entry != 1) 113411337SWilliam.Krier@Sun.COM return (NDR_DRC_FAULT_PARAM_0_UNIMPLEMENTED); 113511337SWilliam.Krier@Sun.COM 113611337SWilliam.Krier@Sun.COM if ((param->lookup_options & LSA_LOOKUP_OPT_LOCAL) && 113711337SWilliam.Krier@Sun.COM param->lookup_level != LSA_LOOKUP_WKSTA) { 113811337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames3)); 113911337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_PARAMETER); 114011337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 114111337SWilliam.Krier@Sun.COM } 114211337SWilliam.Krier@Sun.COM 114311337SWilliam.Krier@Sun.COM sids = NDR_NEW(mxa, struct lsar_translated_sid_ex2); 114411337SWilliam.Krier@Sun.COM domain_table = NDR_NEW(mxa, struct mslsa_domain_table); 114511337SWilliam.Krier@Sun.COM domain_entry = NDR_NEW(mxa, struct mslsa_domain_entry); 114611337SWilliam.Krier@Sun.COM 114711337SWilliam.Krier@Sun.COM if (sids == NULL || domain_table == NULL || domain_entry == NULL) { 114811337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames3)); 114911337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 115011337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 115111337SWilliam.Krier@Sun.COM } 115211337SWilliam.Krier@Sun.COM 115311337SWilliam.Krier@Sun.COM accname = (char *)param->name_table->names->str; 115411337SWilliam.Krier@Sun.COM status = lsa_lookup_name(accname, SidTypeUnknown, &account); 115511337SWilliam.Krier@Sun.COM if (status != NT_STATUS_SUCCESS) { 115611337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames3)); 115711337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(status); 115811337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 115911337SWilliam.Krier@Sun.COM } 116011337SWilliam.Krier@Sun.COM 116111337SWilliam.Krier@Sun.COM /* 116211337SWilliam.Krier@Sun.COM * Set up the SID table. 116311337SWilliam.Krier@Sun.COM */ 116411337SWilliam.Krier@Sun.COM bzero(sids, sizeof (struct lsar_translated_sid_ex2)); 116511337SWilliam.Krier@Sun.COM sids[0].sid_name_use = account.a_type; 116611337SWilliam.Krier@Sun.COM sids[0].sid = (struct mslsa_sid *)NDR_SIDDUP(mxa, account.a_sid); 116711337SWilliam.Krier@Sun.COM sids[0].domain_index = 0; 116811337SWilliam.Krier@Sun.COM param->translated_sids.n_entry = 1; 116911337SWilliam.Krier@Sun.COM param->translated_sids.sids = sids; 117011337SWilliam.Krier@Sun.COM 117111337SWilliam.Krier@Sun.COM /* 117211337SWilliam.Krier@Sun.COM * Set up the domain table. 117311337SWilliam.Krier@Sun.COM */ 117411337SWilliam.Krier@Sun.COM domain_table->entries = domain_entry; 117511337SWilliam.Krier@Sun.COM domain_table->n_entry = 1; 117611337SWilliam.Krier@Sun.COM domain_table->max_n_entry = MLSVC_DOMAIN_MAX; 117711337SWilliam.Krier@Sun.COM 117811337SWilliam.Krier@Sun.COM rc = NDR_MSTRING(mxa, account.a_domain, 117911337SWilliam.Krier@Sun.COM (ndr_mstring_t *)&domain_entry->domain_name); 118011337SWilliam.Krier@Sun.COM 118111337SWilliam.Krier@Sun.COM domain_entry->domain_sid = 118211337SWilliam.Krier@Sun.COM (struct mslsa_sid *)NDR_SIDDUP(mxa, account.a_domsid); 118311337SWilliam.Krier@Sun.COM 118411337SWilliam.Krier@Sun.COM if (rc == -1 || domain_entry->domain_sid == NULL) { 118511337SWilliam.Krier@Sun.COM smb_account_free(&account); 118611337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames3)); 118711337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_NO_MEMORY); 118811337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 118911337SWilliam.Krier@Sun.COM } 119011337SWilliam.Krier@Sun.COM 119111337SWilliam.Krier@Sun.COM param->domain_table = domain_table; 119211337SWilliam.Krier@Sun.COM param->mapped_count = 1; 119311337SWilliam.Krier@Sun.COM param->status = NT_STATUS_SUCCESS; 119411337SWilliam.Krier@Sun.COM 119511337SWilliam.Krier@Sun.COM smb_account_free(&account); 119611337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 119711337SWilliam.Krier@Sun.COM } 119811337SWilliam.Krier@Sun.COM 119911337SWilliam.Krier@Sun.COM /* 120011337SWilliam.Krier@Sun.COM * LookupNames4 is only valid on domain controllers. 120111337SWilliam.Krier@Sun.COM * Other servers must return NT_STATUS_INVALID_SERVER_STATE. 120211337SWilliam.Krier@Sun.COM */ 120311337SWilliam.Krier@Sun.COM /*ARGSUSED*/ 120411337SWilliam.Krier@Sun.COM static int 120511337SWilliam.Krier@Sun.COM lsarpc_s_LookupNames4(void *arg, ndr_xa_t *mxa) 120611337SWilliam.Krier@Sun.COM { 120711337SWilliam.Krier@Sun.COM struct lsar_LookupNames4 *param = arg; 120811337SWilliam.Krier@Sun.COM 120911337SWilliam.Krier@Sun.COM bzero(param, sizeof (struct lsar_LookupNames4)); 121011337SWilliam.Krier@Sun.COM param->status = NT_SC_ERROR(NT_STATUS_INVALID_SERVER_STATE); 121111337SWilliam.Krier@Sun.COM return (NDR_DRC_OK); 121211337SWilliam.Krier@Sun.COM } 121311337SWilliam.Krier@Sun.COM 121411337SWilliam.Krier@Sun.COM /* 121511337SWilliam.Krier@Sun.COM * There is a bug in the way that ndrgen and the marshalling code handles 121611337SWilliam.Krier@Sun.COM * unions so we need to fix some of the data offsets at runtime. The 121711337SWilliam.Krier@Sun.COM * following macros and the fixup functions handle the corrections. 121811337SWilliam.Krier@Sun.COM */ 121911337SWilliam.Krier@Sun.COM 122011337SWilliam.Krier@Sun.COM DECL_FIXUP_STRUCT(mslsa_PolicyInfoResUnion); 122111337SWilliam.Krier@Sun.COM DECL_FIXUP_STRUCT(mslsa_PolicyInfoRes); 122211337SWilliam.Krier@Sun.COM DECL_FIXUP_STRUCT(mslsa_QueryInfoPolicy); 122311337SWilliam.Krier@Sun.COM void 122411337SWilliam.Krier@Sun.COM fixup_mslsa_QueryInfoPolicy(struct mslsa_QueryInfoPolicy *val) 122511337SWilliam.Krier@Sun.COM { 122611337SWilliam.Krier@Sun.COM unsigned short size1 = 0; 122711337SWilliam.Krier@Sun.COM unsigned short size2 = 0; 122811337SWilliam.Krier@Sun.COM unsigned short size3 = 0; 122911337SWilliam.Krier@Sun.COM 123011337SWilliam.Krier@Sun.COM switch (val->info_class) { 123111337SWilliam.Krier@Sun.COM case MSLSA_POLICY_AUDIT_EVENTS_INFO: 123211337SWilliam.Krier@Sun.COM size1 = sizeof (struct mslsa_AuditEventsInfo); 123311337SWilliam.Krier@Sun.COM break; 123411337SWilliam.Krier@Sun.COM 123511337SWilliam.Krier@Sun.COM case MSLSA_POLICY_PRIMARY_DOMAIN_INFO: 123611337SWilliam.Krier@Sun.COM size1 = sizeof (struct mslsa_PrimaryDomainInfo); 123711337SWilliam.Krier@Sun.COM break; 123811337SWilliam.Krier@Sun.COM 123911337SWilliam.Krier@Sun.COM case MSLSA_POLICY_ACCOUNT_DOMAIN_INFO: 124011337SWilliam.Krier@Sun.COM size1 = sizeof (struct mslsa_AccountDomainInfo); 124111337SWilliam.Krier@Sun.COM break; 124211337SWilliam.Krier@Sun.COM 124311337SWilliam.Krier@Sun.COM case MSLSA_POLICY_SERVER_ROLE_INFO: 124411337SWilliam.Krier@Sun.COM size1 = sizeof (struct mslsa_ServerRoleInfo); 124511337SWilliam.Krier@Sun.COM break; 124611337SWilliam.Krier@Sun.COM 124711337SWilliam.Krier@Sun.COM case MSLSA_POLICY_DNS_DOMAIN_INFO: 124811337SWilliam.Krier@Sun.COM size1 = sizeof (struct mslsa_DnsDomainInfo); 124911337SWilliam.Krier@Sun.COM break; 125011337SWilliam.Krier@Sun.COM 125111337SWilliam.Krier@Sun.COM default: 125211337SWilliam.Krier@Sun.COM return; 125311337SWilliam.Krier@Sun.COM }; 125411337SWilliam.Krier@Sun.COM 125511337SWilliam.Krier@Sun.COM size2 = size1 + (2 * sizeof (DWORD)); 125611337SWilliam.Krier@Sun.COM size3 = size2 + sizeof (ndr_request_hdr_t) + sizeof (DWORD); 125711337SWilliam.Krier@Sun.COM 125811337SWilliam.Krier@Sun.COM FIXUP_PDU_SIZE(mslsa_PolicyInfoResUnion, size1); 125911337SWilliam.Krier@Sun.COM FIXUP_PDU_SIZE(mslsa_PolicyInfoRes, size2); 126011337SWilliam.Krier@Sun.COM FIXUP_PDU_SIZE(mslsa_QueryInfoPolicy, size3); 126111337SWilliam.Krier@Sun.COM } 1262