1da6c28aaSamw /* 2da6c28aaSamw * CDDL HEADER START 3da6c28aaSamw * 4da6c28aaSamw * The contents of this file are subject to the terms of the 5da6c28aaSamw * Common Development and Distribution License (the "License"). 6da6c28aaSamw * You may not use this file except in compliance with the License. 7da6c28aaSamw * 8da6c28aaSamw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9da6c28aaSamw * or http://www.opensolaris.org/os/licensing. 10da6c28aaSamw * See the License for the specific language governing permissions 11da6c28aaSamw * and limitations under the License. 12da6c28aaSamw * 13da6c28aaSamw * When distributing Covered Code, include this CDDL HEADER in each 14da6c28aaSamw * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15da6c28aaSamw * If applicable, add the following below this CDDL HEADER, with the 16da6c28aaSamw * fields enclosed by brackets "[]" replaced with your own identifying 17da6c28aaSamw * information: Portions Copyright [yyyy] [name of copyright owner] 18da6c28aaSamw * 19da6c28aaSamw * CDDL HEADER END 20da6c28aaSamw */ 21*148c5f43SAlan Wright 22da6c28aaSamw /* 23*148c5f43SAlan Wright * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 24da6c28aaSamw */ 25da6c28aaSamw 26da6c28aaSamw /* 27da6c28aaSamw * This module provides the high level interface to the LSA RPC functions. 28da6c28aaSamw */ 29da6c28aaSamw 30da6c28aaSamw #include <strings.h> 31da6c28aaSamw #include <unistd.h> 32da6c28aaSamw 33da6c28aaSamw #include <smbsrv/libsmb.h> 34da6c28aaSamw #include <smbsrv/libmlsvc.h> 35da6c28aaSamw #include <smbsrv/smbinfo.h> 36da6c28aaSamw #include <smbsrv/smb_token.h> 37da6c28aaSamw 3889dc44ceSjose borrego #include <lsalib.h> 39dc20a302Sas 407f667e74Sjose borrego static uint32_t lsa_lookup_name_builtin(char *, char *, smb_account_t *); 417f667e74Sjose borrego static uint32_t lsa_lookup_name_domain(char *, smb_account_t *); 42dc20a302Sas 437f667e74Sjose borrego static uint32_t lsa_lookup_sid_builtin(smb_sid_t *, smb_account_t *); 447f667e74Sjose borrego static uint32_t lsa_lookup_sid_domain(smb_sid_t *, smb_account_t *); 45dc20a302Sas 46da6c28aaSamw static int lsa_list_accounts(mlsvc_handle_t *); 47da6c28aaSamw 48dc20a302Sas /* 49dc20a302Sas * Lookup the given account and returns the account information 507f667e74Sjose borrego * in the passed smb_account_t structure. 5189dc44ceSjose borrego * 5289dc44ceSjose borrego * The lookup is performed in the following order: 5389dc44ceSjose borrego * well known accounts 5489dc44ceSjose borrego * local accounts 5589dc44ceSjose borrego * domain accounts 5689dc44ceSjose borrego * 5789dc44ceSjose borrego * If it's established the given account is well know or local 5889dc44ceSjose borrego * but the lookup fails for some reason, the next step(s) won't be 5989dc44ceSjose borrego * performed. 60dc20a302Sas * 61dc20a302Sas * If the name is a domain account, it may refer to a user, group or 62dc20a302Sas * alias. If it is a local account, its type should be specified 63dc20a302Sas * in the sid_type parameter. In case the account type is unknown 64dc20a302Sas * sid_type should be set to SidTypeUnknown. 65dc20a302Sas * 6689dc44ceSjose borrego * account argument could be either [domain\]name or [domain/]name. 6789dc44ceSjose borrego * 6889dc44ceSjose borrego * Return status: 6989dc44ceSjose borrego * 7089dc44ceSjose borrego * NT_STATUS_SUCCESS Account is successfully translated 7189dc44ceSjose borrego * NT_STATUS_NONE_MAPPED Couldn't translate the account 72dc20a302Sas */ 73dc20a302Sas uint32_t 747f667e74Sjose borrego lsa_lookup_name(char *account, uint16_t type, smb_account_t *info) 75dc20a302Sas { 7689dc44ceSjose borrego char nambuf[SMB_USERNAME_MAXLEN]; 7789dc44ceSjose borrego char dombuf[SMB_PI_MAX_DOMAIN]; 7889dc44ceSjose borrego char *name, *domain; 7989dc44ceSjose borrego uint32_t status; 8089dc44ceSjose borrego char *slash; 8189dc44ceSjose borrego 8289dc44ceSjose borrego (void) strsubst(account, '/', '\\'); 8389dc44ceSjose borrego (void) strcanon(account, "\\"); 8489dc44ceSjose borrego /* \john -> john */ 8589dc44ceSjose borrego account += strspn(account, "\\"); 8689dc44ceSjose borrego 8789dc44ceSjose borrego if ((slash = strchr(account, '\\')) != NULL) { 8889dc44ceSjose borrego *slash = '\0'; 8989dc44ceSjose borrego (void) strlcpy(dombuf, account, sizeof (dombuf)); 9089dc44ceSjose borrego (void) strlcpy(nambuf, slash + 1, sizeof (nambuf)); 9189dc44ceSjose borrego *slash = '\\'; 9289dc44ceSjose borrego name = nambuf; 9389dc44ceSjose borrego domain = dombuf; 94dc20a302Sas } else { 95dc20a302Sas name = account; 96dc20a302Sas domain = NULL; 97dc20a302Sas } 98dc20a302Sas 9989dc44ceSjose borrego status = lsa_lookup_name_builtin(domain, name, info); 10089dc44ceSjose borrego if (status == NT_STATUS_NOT_FOUND) { 1017f667e74Sjose borrego status = smb_sam_lookup_name(domain, name, type, info); 10289dc44ceSjose borrego if (status == NT_STATUS_SUCCESS) 103dc20a302Sas return (status); 104dc20a302Sas 10589dc44ceSjose borrego if ((domain == NULL) || (status == NT_STATUS_NOT_FOUND)) 10689dc44ceSjose borrego status = lsa_lookup_name_domain(account, info); 107dc20a302Sas } 108dc20a302Sas 10989dc44ceSjose borrego return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED); 110dc20a302Sas } 111dc20a302Sas 112dc20a302Sas uint32_t 1137f667e74Sjose borrego lsa_lookup_sid(smb_sid_t *sid, smb_account_t *info) 114dc20a302Sas { 1157f667e74Sjose borrego uint32_t status; 1167f667e74Sjose borrego 1176537f381Sas if (!smb_sid_isvalid(sid)) 118dc20a302Sas return (NT_STATUS_INVALID_SID); 119dc20a302Sas 1207f667e74Sjose borrego status = lsa_lookup_sid_builtin(sid, info); 1217f667e74Sjose borrego if (status == NT_STATUS_NOT_FOUND) { 1227f667e74Sjose borrego status = smb_sam_lookup_sid(sid, info); 1237f667e74Sjose borrego if (status == NT_STATUS_NOT_FOUND) 1247f667e74Sjose borrego status = lsa_lookup_sid_domain(sid, info); 1257f667e74Sjose borrego } 126dc20a302Sas 1277f667e74Sjose borrego return ((status == NT_STATUS_SUCCESS) ? status : NT_STATUS_NONE_MAPPED); 128dc20a302Sas } 129dc20a302Sas 130da6c28aaSamw /* 131da6c28aaSamw * Obtains the primary domain SID and name from the specified server 13229bd2886SAlan Wright * (domain controller). 133da6c28aaSamw * 1348d7e4166Sjose borrego * The requested information will be returned via 'info' argument. 1358d7e4166Sjose borrego * 136da6c28aaSamw * Returns NT status codes. 137da6c28aaSamw */ 138da6c28aaSamw DWORD 13929bd2886SAlan Wright lsa_query_primary_domain_info(char *server, char *domain, 140a0aa776eSAlan Wright smb_domain_t *info) 141da6c28aaSamw { 142da6c28aaSamw mlsvc_handle_t domain_handle; 143da6c28aaSamw DWORD status; 144a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 145a0aa776eSAlan Wright 146a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 147da6c28aaSamw 1488d7e4166Sjose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0) 149da6c28aaSamw return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 150da6c28aaSamw 151da6c28aaSamw status = lsar_query_info_policy(&domain_handle, 1528d7e4166Sjose borrego MSLSA_POLICY_PRIMARY_DOMAIN_INFO, info); 153da6c28aaSamw 154da6c28aaSamw (void) lsar_close(&domain_handle); 155da6c28aaSamw return (status); 156da6c28aaSamw } 157da6c28aaSamw 158da6c28aaSamw /* 159da6c28aaSamw * Obtains the account domain SID and name from the current server 16029bd2886SAlan Wright * (domain controller). 161da6c28aaSamw * 1628d7e4166Sjose borrego * The requested information will be returned via 'info' argument. 1638d7e4166Sjose borrego * 164da6c28aaSamw * Returns NT status codes. 165da6c28aaSamw */ 166da6c28aaSamw DWORD 16729bd2886SAlan Wright lsa_query_account_domain_info(char *server, char *domain, 168a0aa776eSAlan Wright smb_domain_t *info) 169da6c28aaSamw { 170da6c28aaSamw mlsvc_handle_t domain_handle; 171da6c28aaSamw DWORD status; 172a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 173a0aa776eSAlan Wright 174a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 175da6c28aaSamw 1768d7e4166Sjose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0) 177da6c28aaSamw return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 178da6c28aaSamw 179da6c28aaSamw status = lsar_query_info_policy(&domain_handle, 1808d7e4166Sjose borrego MSLSA_POLICY_ACCOUNT_DOMAIN_INFO, info); 1818d7e4166Sjose borrego 1828d7e4166Sjose borrego (void) lsar_close(&domain_handle); 1838d7e4166Sjose borrego return (status); 1848d7e4166Sjose borrego } 1858d7e4166Sjose borrego 1868d7e4166Sjose borrego /* 1878d7e4166Sjose borrego * lsa_query_dns_domain_info 1888d7e4166Sjose borrego * 1898d7e4166Sjose borrego * Obtains the DNS domain info from the specified server 1908d7e4166Sjose borrego * (domain controller). 1918d7e4166Sjose borrego * 1928d7e4166Sjose borrego * The requested information will be returned via 'info' argument. 1938d7e4166Sjose borrego * 1948d7e4166Sjose borrego * Returns NT status codes. 1958d7e4166Sjose borrego */ 1968d7e4166Sjose borrego DWORD 197a0aa776eSAlan Wright lsa_query_dns_domain_info(char *server, char *domain, smb_domain_t *info) 1988d7e4166Sjose borrego { 1998d7e4166Sjose borrego mlsvc_handle_t domain_handle; 2008d7e4166Sjose borrego DWORD status; 201a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 202a0aa776eSAlan Wright 203a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 2048d7e4166Sjose borrego 2058d7e4166Sjose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0) 2068d7e4166Sjose borrego return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 2078d7e4166Sjose borrego 2088d7e4166Sjose borrego status = lsar_query_info_policy(&domain_handle, 2098d7e4166Sjose borrego MSLSA_POLICY_DNS_DOMAIN_INFO, info); 210da6c28aaSamw 211da6c28aaSamw (void) lsar_close(&domain_handle); 212da6c28aaSamw return (status); 213da6c28aaSamw } 214da6c28aaSamw 215da6c28aaSamw /* 21629bd2886SAlan Wright * Enumerate the trusted domains of primary domain. 21729bd2886SAlan Wright * This is the basic enumaration call which only returns the 21829bd2886SAlan Wright * NetBIOS name of the domain and its SID. 219da6c28aaSamw * 2208d7e4166Sjose borrego * The requested information will be returned via 'info' argument. 2218d7e4166Sjose borrego * 222da6c28aaSamw * Returns NT status codes. 223da6c28aaSamw */ 224da6c28aaSamw DWORD 22529bd2886SAlan Wright lsa_enum_trusted_domains(char *server, char *domain, 22629bd2886SAlan Wright smb_trusted_domains_t *info) 227da6c28aaSamw { 228da6c28aaSamw mlsvc_handle_t domain_handle; 229da6c28aaSamw DWORD enum_context; 230da6c28aaSamw DWORD status; 231a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 232a0aa776eSAlan Wright 233a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 234da6c28aaSamw 2358d7e4166Sjose borrego if ((lsar_open(server, domain, user, &domain_handle)) != 0) 236da6c28aaSamw return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 237da6c28aaSamw 238da6c28aaSamw enum_context = 0; 239da6c28aaSamw 2408d7e4166Sjose borrego status = lsar_enum_trusted_domains(&domain_handle, &enum_context, info); 241*148c5f43SAlan Wright if (status == NT_STATUS_NO_MORE_ENTRIES) { 242da6c28aaSamw /* 243*148c5f43SAlan Wright * STATUS_NO_MORE_ENTRIES indicates that we 244da6c28aaSamw * have all of the available information. 245da6c28aaSamw */ 246da6c28aaSamw status = NT_STATUS_SUCCESS; 247da6c28aaSamw } 248da6c28aaSamw 249da6c28aaSamw (void) lsar_close(&domain_handle); 250da6c28aaSamw return (status); 251da6c28aaSamw } 252da6c28aaSamw 2538d7e4166Sjose borrego /* 25429bd2886SAlan Wright * Enumerate the trusted domains of the primary domain. 25529bd2886SAlan Wright * This is the extended enumaration call which besides 25629bd2886SAlan Wright * NetBIOS name of the domain and its SID, it will return 25729bd2886SAlan Wright * the FQDN plus some trust information which is not used. 25829bd2886SAlan Wright * 25929bd2886SAlan Wright * The requested information will be returned via 'info' argument. 26029bd2886SAlan Wright * 26129bd2886SAlan Wright * Returns NT status codes. 2628d7e4166Sjose borrego */ 26329bd2886SAlan Wright DWORD 26429bd2886SAlan Wright lsa_enum_trusted_domains_ex(char *server, char *domain, 26529bd2886SAlan Wright smb_trusted_domains_t *info) 2668d7e4166Sjose borrego { 26729bd2886SAlan Wright mlsvc_handle_t domain_handle; 26829bd2886SAlan Wright DWORD enum_context; 26929bd2886SAlan Wright DWORD status; 270a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 271a0aa776eSAlan Wright 272a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 2738d7e4166Sjose borrego 27429bd2886SAlan Wright if ((lsar_open(server, domain, user, &domain_handle)) != 0) 27529bd2886SAlan Wright return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 2768d7e4166Sjose borrego 27729bd2886SAlan Wright enum_context = 0; 2788d7e4166Sjose borrego 27929bd2886SAlan Wright status = lsar_enum_trusted_domains_ex(&domain_handle, &enum_context, 28029bd2886SAlan Wright info); 281*148c5f43SAlan Wright if (status == NT_STATUS_NO_MORE_ENTRIES) { 28229bd2886SAlan Wright /* 283*148c5f43SAlan Wright * STATUS_NO_MORE_ENTRIES indicates that we 28429bd2886SAlan Wright * have all of the available information. 28529bd2886SAlan Wright */ 28629bd2886SAlan Wright status = NT_STATUS_SUCCESS; 2878d7e4166Sjose borrego } 28829bd2886SAlan Wright 28929bd2886SAlan Wright (void) lsar_close(&domain_handle); 29029bd2886SAlan Wright return (status); 2918d7e4166Sjose borrego } 2928d7e4166Sjose borrego 293da6c28aaSamw /* 29489dc44ceSjose borrego * Lookup well known accounts table 295da6c28aaSamw * 29689dc44ceSjose borrego * Return status: 29789dc44ceSjose borrego * 29889dc44ceSjose borrego * NT_STATUS_SUCCESS Account is translated successfully 29989dc44ceSjose borrego * NT_STATUS_NOT_FOUND This is not a well known account 30089dc44ceSjose borrego * NT_STATUS_NONE_MAPPED Account is found but domains don't match 30189dc44ceSjose borrego * NT_STATUS_NO_MEMORY Memory shortage 30289dc44ceSjose borrego * NT_STATUS_INTERNAL_ERROR Internal error/unexpected failure 303da6c28aaSamw */ 304dc20a302Sas static uint32_t 3057f667e74Sjose borrego lsa_lookup_name_builtin(char *domain, char *name, smb_account_t *info) 306da6c28aaSamw { 30789dc44ceSjose borrego smb_wka_t *wka; 30889dc44ceSjose borrego char *wkadom; 30989dc44ceSjose borrego 3107f667e74Sjose borrego bzero(info, sizeof (smb_account_t)); 3117f667e74Sjose borrego 3127f667e74Sjose borrego if ((wka = smb_wka_lookup_name(name)) == NULL) 31389dc44ceSjose borrego return (NT_STATUS_NOT_FOUND); 314da6c28aaSamw 31589dc44ceSjose borrego if ((wkadom = smb_wka_get_domain(wka->wka_domidx)) == NULL) 31689dc44ceSjose borrego return (NT_STATUS_INTERNAL_ERROR); 317da6c28aaSamw 318bbf6f00cSJordan Brown if ((domain != NULL) && (smb_strcasecmp(domain, wkadom, 0) != 0)) 319dc20a302Sas return (NT_STATUS_NONE_MAPPED); 320da6c28aaSamw 3217f667e74Sjose borrego info->a_name = strdup(name); 3227f667e74Sjose borrego info->a_sid = smb_sid_dup(wka->wka_binsid); 3237f667e74Sjose borrego info->a_domain = strdup(wkadom); 3247f667e74Sjose borrego info->a_domsid = smb_sid_split(wka->wka_binsid, &info->a_rid); 3257f667e74Sjose borrego info->a_type = wka->wka_type; 326da6c28aaSamw 3277f667e74Sjose borrego if (!smb_account_validate(info)) { 3287f667e74Sjose borrego smb_account_free(info); 32989dc44ceSjose borrego return (NT_STATUS_NO_MEMORY); 330dc20a302Sas } 331da6c28aaSamw 332dc20a302Sas return (NT_STATUS_SUCCESS); 333da6c28aaSamw } 334da6c28aaSamw 335da6c28aaSamw /* 33689dc44ceSjose borrego * Lookup the given account in domain. 33789dc44ceSjose borrego * 33889dc44ceSjose borrego * The information is returned in the user_info structure. 33989dc44ceSjose borrego * The caller is responsible for allocating and releasing 34089dc44ceSjose borrego * this structure. 341da6c28aaSamw */ 342dc20a302Sas static uint32_t 3437f667e74Sjose borrego lsa_lookup_name_domain(char *account_name, smb_account_t *info) 344da6c28aaSamw { 345da6c28aaSamw mlsvc_handle_t domain_handle; 346a0aa776eSAlan Wright smb_domainex_t dinfo; 347dc20a302Sas uint32_t status; 348a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 349a0aa776eSAlan Wright 350a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 351da6c28aaSamw 35289dc44ceSjose borrego if (!smb_domain_getinfo(&dinfo)) 35389dc44ceSjose borrego return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 35489dc44ceSjose borrego 355a0aa776eSAlan Wright if (lsar_open(dinfo.d_dc, dinfo.d_primary.di_nbname, user, 35629bd2886SAlan Wright &domain_handle) != 0) 357da6c28aaSamw return (NT_STATUS_INVALID_PARAMETER); 358da6c28aaSamw 359fe1c642dSBill Krier status = lsar_lookup_names(&domain_handle, account_name, info); 360da6c28aaSamw 361da6c28aaSamw (void) lsar_close(&domain_handle); 362da6c28aaSamw return (status); 363da6c28aaSamw } 364da6c28aaSamw 365da6c28aaSamw /* 366da6c28aaSamw * lsa_lookup_privs 367da6c28aaSamw * 368da6c28aaSamw * Request the privileges associated with the specified account. In 369da6c28aaSamw * order to get the privileges, we first have to lookup the name on 370da6c28aaSamw * the specified domain controller and obtain the appropriate SID. 371da6c28aaSamw * The SID can then be used to open the account and obtain the 372da6c28aaSamw * account privileges. The results from both the name lookup and the 373da6c28aaSamw * privileges are returned in the user_info structure. The caller is 374da6c28aaSamw * responsible for allocating and releasing this structure. 375da6c28aaSamw * 376da6c28aaSamw * On success 0 is returned. Otherwise a -ve error code. 377da6c28aaSamw */ 378da6c28aaSamw /*ARGSUSED*/ 379da6c28aaSamw int 3807f667e74Sjose borrego lsa_lookup_privs(char *account_name, char *target_name, smb_account_t *ainfo) 381da6c28aaSamw { 382da6c28aaSamw mlsvc_handle_t domain_handle; 383da6c28aaSamw int rc; 384a0aa776eSAlan Wright smb_domainex_t dinfo; 385a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 386a0aa776eSAlan Wright 387a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 388da6c28aaSamw 3898d7e4166Sjose borrego if (!smb_domain_getinfo(&dinfo)) 3908d7e4166Sjose borrego return (-1); 3918d7e4166Sjose borrego 392a0aa776eSAlan Wright if ((lsar_open(dinfo.d_dc, dinfo.d_primary.di_nbname, user, 3938d7e4166Sjose borrego &domain_handle)) != 0) 394da6c28aaSamw return (-1); 395da6c28aaSamw 396da6c28aaSamw rc = lsa_list_accounts(&domain_handle); 397da6c28aaSamw (void) lsar_close(&domain_handle); 398da6c28aaSamw return (rc); 399da6c28aaSamw } 400da6c28aaSamw 401da6c28aaSamw /* 402da6c28aaSamw * lsa_list_privs 403da6c28aaSamw * 404da6c28aaSamw * List the privileges supported by the specified server. 405da6c28aaSamw * This function is only intended for diagnostics. 406da6c28aaSamw * 407da6c28aaSamw * Returns NT status codes. 408da6c28aaSamw */ 409da6c28aaSamw DWORD 410da6c28aaSamw lsa_list_privs(char *server, char *domain) 411da6c28aaSamw { 412da6c28aaSamw static char name[128]; 413da6c28aaSamw static struct ms_luid luid; 414da6c28aaSamw mlsvc_handle_t domain_handle; 415da6c28aaSamw int rc; 416da6c28aaSamw int i; 417a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 418a0aa776eSAlan Wright 419a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 420da6c28aaSamw 42155bf511dSas rc = lsar_open(server, domain, user, &domain_handle); 422da6c28aaSamw if (rc != 0) 423da6c28aaSamw return (NT_STATUS_INVALID_PARAMETER); 424da6c28aaSamw 425da6c28aaSamw for (i = 0; i < 30; ++i) { 426da6c28aaSamw luid.low_part = i; 427da6c28aaSamw rc = lsar_lookup_priv_name(&domain_handle, &luid, name, 128); 428da6c28aaSamw if (rc != 0) 429da6c28aaSamw continue; 430da6c28aaSamw 431da6c28aaSamw (void) lsar_lookup_priv_value(&domain_handle, name, &luid); 432da6c28aaSamw (void) lsar_lookup_priv_display_name(&domain_handle, name, 433da6c28aaSamw name, 128); 434da6c28aaSamw } 435da6c28aaSamw 436da6c28aaSamw (void) lsar_close(&domain_handle); 437da6c28aaSamw return (NT_STATUS_SUCCESS); 438da6c28aaSamw } 439da6c28aaSamw 440da6c28aaSamw /* 441da6c28aaSamw * lsa_list_accounts 442da6c28aaSamw * 443da6c28aaSamw * This function can be used to list the accounts in the specified 444da6c28aaSamw * domain. For now the SIDs are just listed in the system log. 445da6c28aaSamw * 446da6c28aaSamw * On success 0 is returned. Otherwise a -ve error code. 447da6c28aaSamw */ 448da6c28aaSamw static int 449da6c28aaSamw lsa_list_accounts(mlsvc_handle_t *domain_handle) 450da6c28aaSamw { 451da6c28aaSamw mlsvc_handle_t account_handle; 452da6c28aaSamw struct mslsa_EnumAccountBuf accounts; 453da6c28aaSamw struct mslsa_sid *sid; 4547f667e74Sjose borrego smb_account_t ainfo; 455da6c28aaSamw DWORD enum_context = 0; 456da6c28aaSamw int rc; 457da6c28aaSamw int i; 458da6c28aaSamw 459da6c28aaSamw bzero(&accounts, sizeof (struct mslsa_EnumAccountBuf)); 460da6c28aaSamw 461da6c28aaSamw do { 462da6c28aaSamw rc = lsar_enum_accounts(domain_handle, &enum_context, 463da6c28aaSamw &accounts); 464da6c28aaSamw if (rc != 0) 465da6c28aaSamw return (rc); 466da6c28aaSamw 467da6c28aaSamw for (i = 0; i < accounts.entries_read; ++i) { 468da6c28aaSamw sid = accounts.info[i].sid; 469da6c28aaSamw 470da6c28aaSamw if (lsar_open_account(domain_handle, sid, 471da6c28aaSamw &account_handle) == 0) { 472da6c28aaSamw (void) lsar_enum_privs_account(&account_handle, 4737f667e74Sjose borrego &ainfo); 474da6c28aaSamw (void) lsar_close(&account_handle); 475da6c28aaSamw } 476da6c28aaSamw 477da6c28aaSamw free(accounts.info[i].sid); 478da6c28aaSamw } 479da6c28aaSamw 480da6c28aaSamw if (accounts.info) 481da6c28aaSamw free(accounts.info); 482da6c28aaSamw } while (rc == 0 && accounts.entries_read != 0); 483da6c28aaSamw 484da6c28aaSamw return (0); 485da6c28aaSamw } 486dc20a302Sas 487dc20a302Sas /* 4887f667e74Sjose borrego * Lookup well known accounts table for the given SID 489dc20a302Sas * 4907f667e74Sjose borrego * Return status: 4917f667e74Sjose borrego * 4927f667e74Sjose borrego * NT_STATUS_SUCCESS Account is translated successfully 4937f667e74Sjose borrego * NT_STATUS_NOT_FOUND This is not a well known account 4947f667e74Sjose borrego * NT_STATUS_NO_MEMORY Memory shortage 4957f667e74Sjose borrego * NT_STATUS_INTERNAL_ERROR Internal error/unexpected failure 496dc20a302Sas */ 497dc20a302Sas static uint32_t 4987f667e74Sjose borrego lsa_lookup_sid_builtin(smb_sid_t *sid, smb_account_t *ainfo) 499dc20a302Sas { 5007f667e74Sjose borrego smb_wka_t *wka; 5017f667e74Sjose borrego char *wkadom; 502dc20a302Sas 5037f667e74Sjose borrego bzero(ainfo, sizeof (smb_account_t)); 504dc20a302Sas 5057f667e74Sjose borrego if ((wka = smb_wka_lookup_sid(sid)) == NULL) 5067f667e74Sjose borrego return (NT_STATUS_NOT_FOUND); 507dc20a302Sas 5087f667e74Sjose borrego if ((wkadom = smb_wka_get_domain(wka->wka_domidx)) == NULL) 509dc20a302Sas return (NT_STATUS_INTERNAL_ERROR); 510dc20a302Sas 5117f667e74Sjose borrego ainfo->a_name = strdup(wka->wka_name); 5127f667e74Sjose borrego ainfo->a_sid = smb_sid_dup(wka->wka_binsid); 5137f667e74Sjose borrego ainfo->a_domain = strdup(wkadom); 5147f667e74Sjose borrego ainfo->a_domsid = smb_sid_split(ainfo->a_sid, &ainfo->a_rid); 5157f667e74Sjose borrego ainfo->a_type = wka->wka_type; 516dc20a302Sas 5177f667e74Sjose borrego if (!smb_account_validate(ainfo)) { 5187f667e74Sjose borrego smb_account_free(ainfo); 519dc20a302Sas return (NT_STATUS_NO_MEMORY); 5207f667e74Sjose borrego } 521dc20a302Sas 522dc20a302Sas return (NT_STATUS_SUCCESS); 523dc20a302Sas } 524dc20a302Sas 525dc20a302Sas static uint32_t 5267f667e74Sjose borrego lsa_lookup_sid_domain(smb_sid_t *sid, smb_account_t *ainfo) 527dc20a302Sas { 528dc20a302Sas mlsvc_handle_t domain_handle; 529dc20a302Sas uint32_t status; 530a0aa776eSAlan Wright smb_domainex_t dinfo; 531a0aa776eSAlan Wright char user[SMB_USERNAME_MAXLEN]; 532a0aa776eSAlan Wright 533a0aa776eSAlan Wright smb_ipc_get_user(user, SMB_USERNAME_MAXLEN); 5348d7e4166Sjose borrego 5358d7e4166Sjose borrego if (!smb_domain_getinfo(&dinfo)) 5368d7e4166Sjose borrego return (NT_STATUS_CANT_ACCESS_DOMAIN_INFO); 537dc20a302Sas 538a0aa776eSAlan Wright if (lsar_open(dinfo.d_dc, dinfo.d_primary.di_nbname, user, 53929bd2886SAlan Wright &domain_handle) != 0) 540dc20a302Sas return (NT_STATUS_INVALID_PARAMETER); 541dc20a302Sas 542fe1c642dSBill Krier status = lsar_lookup_sids(&domain_handle, sid, ainfo); 543dc20a302Sas 544dc20a302Sas (void) lsar_close(&domain_handle); 545dc20a302Sas return (status); 546dc20a302Sas } 547