Author: skel Date: 2005-08-02 20:37:52 +0000 (Tue, 02 Aug 2005) New Revision: 8945
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=8945 Log: added cac_LsaEnumTrustedDomains() cac_LsaOpenTrustedDomain(), cac_LsaQueryTrustedDomainInfo(). they haven't been tested and I need to define some constants for the info_class parm of cacLsaQueryTrustedDomainInfo() Modified: branches/SOC/SAMBA_3_0/source/include/libmsrpc.h branches/SOC/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c Changeset: Modified: branches/SOC/SAMBA_3_0/source/include/libmsrpc.h =================================================================== --- branches/SOC/SAMBA_3_0/source/include/libmsrpc.h 2005-08-02 20:35:52 UTC (rev 8944) +++ branches/SOC/SAMBA_3_0/source/include/libmsrpc.h 2005-08-02 20:37:52 UTC (rev 8945) 
@@ -409,10 +409,81 @@ * @return - CAC_FAILURE The operation was not successful, hnd->status is set appropriately * - CAC_SUCCESS The operation completed successfully */ -int cac_LsaEnumAcctRightsFromSid(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumAccountRights *op); +int cac_LsaEnumAccountRightsBySid(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumAccountRights *op); +struct LsaEnumTrustedDomains { + struct { + /**Open LSA policy handle*/ + POLICY_HND *pol; + } in; + + struct { + /**used to keep track of how many domains have been retrieved over multiple calls + * should be set to zero via ZERO_STRUCT() before the first call. Use the same struct LsaEnumSids for multiple calls*/ + uint32 resume_idx; + + /**The number of domains returned by the remote server this call*/ + uint32 num_domains; + + /**array of trusted domain names returned by the remote server*/ + char **domain_names; + + /**array of trusted domain sids returned by the remote server*/ + DOM_SID *domain_sids; + } out; +}; +int cac_LsaEnumTrustedDomains(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumTrustedDomains *op); +struct LsaOpenTrustedDomain { + struct { + /**an open LSA policy handle*/ + POLICY_HND *pol; + + /**SID of the trusted domain to open*/ + DOM_SID *domain_sid; + + /**Desired access on the open domain*/ + uint32 access; + } in; + + struct { + /**A handle to the policy that is opened*/ + POLICY_HND *domain_policy; + } out; +}; + +/** @ingroup LSA_Functions + * Opens a trusted domain by SID. + * @return - CAC_FAILURE a handle to the domain could not be opened. 
hnd->status is set with approriate NT_STATUS code + * - CAC_SUCCESS the domain was opened successfully + */ +int cac_LsaOpenTrustedDomain(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenTrustedDomain *op); + +struct LsaQueryTrustedDomainInfo { + struct { + /**Open LSA policy handle*/ + POLICY_HND *pol; + + /**Info class of returned data*/ + uint16 info_class; + + /**(Optional)SID of trusted domain to query (must specify either SID or name of trusted domain)*/ + DOM_SID *domain_sid; + + /**(Optional)Name of trusted domain to query (must specify either SID or name of trusted domain)*/ + char *domain_name; + } in; + + struct { + /**information about the trusted domain*/ + LSA_TRUSTED_DOMAIN_INFO *info; + } out; +}; + +int cac_LsaQueryTrustedDomainInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaQueryTrustedDomainInfo *op); + + void cac_GetAuthDataFn(const char * pServer, const char * pShare, char * pWorkgroup, Modified: branches/SOC/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c =================================================================== --- branches/SOC/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c 2005-08-02 20:35:52 UTC (rev 8944) +++ branches/SOC/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c 2005-08-02 20:37:52 UTC (rev 8945) @@ -558,7 +558,8 @@ } -int cac_LsaEnumAccountRights(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumAccountRights *op) { +/*TODO: make a cac_LsaEnumAccountRights() that will find the rights based on either a SID or a name*/ +int cac_LsaEnumAccountRightsBySid(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumAccountRights *op) { SMBCSRV *srv = NULL; uint32 count = 0; 
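Review bot: The comment on `resume_idx` in struct LsaEnumTrustedDomains tells callers to reuse "the same struct LsaEnumSids", which looks like a copy-paste leftover; it should name `struct LsaEnumTrustedDomains`. The field sits under `out`, but by its own description it carries state between calls, so the comment should say plainly that it is in/out and must not be re-zeroed between calls. cac_LsaEnumTrustedDomains() and cac_LsaQueryTrustedDomainInfo() are declared without the `@ingroup LSA_Functions` / `@return` block that cac_LsaOpenTrustedDomain() gets. I would add one to each, saying who owns `domain_names`, `domain_sids` and `info` (presumably allocated from `mem_ctx`, to be confirmed) and which `info_class` values are valid once the constants mentioned in the log exist.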
@@ -599,3 +600,120 @@ return CAC_SUCCESS; } + +int cac_LsaEnumTrustedDomains(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumTrustedDomains *op) { + SMBCSRV *srv; + + uint32 num_domains; + char **domain_names; + DOM_SID *domain_sids; + + if(!hnd) + return CAC_FAILURE; + + if(!hnd->ctx || !hnd->_pipes[PI_LSARPC]) { + hnd->status = NT_STATUS_INVALID_HANDLE; + return CAC_FAILURE; + } + + if(!op->in.pol) { + hnd->status = NT_STATUS_INVALID_PARAMETER; + return CAC_FAILURE; + } + + if(!cac_Connect(hnd, NULL)) { + return CAC_FAILURE; + } + + srv = hnd->srv; + srv->cli.pipe_idx = PI_LSARPC; + + hnd->status = cli_lsa_enum_trust_dom( &(srv->cli), mem_ctx, op->in.pol, &(op->out.resume_idx), &num_domains, &domain_names, &domain_sids); + + if(!NT_STATUS_IS_OK(hnd->status)) { + return CAC_FAILURE; + } + + op->out.num_domains = num_domains; + op->out.domain_names = domain_names; + op->out.domain_sids = domain_sids; + + return CAC_SUCCESS; +} + + +/*TODO: possibly make this work by either sid OR name*/ +int cac_LsaOpenTrustedDomain(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenTrustedDomain *op) { + SMBCSRV *srv = NULL; + + POLICY_HND *dom_pol = NULL; + + if(!hnd) + return CAC_FAILURE; + + if(!hnd->srv || !hnd->_pipes[PI_LSARPC]) { + hnd->status = NT_STATUS_INVALID_HANDLE; + return CAC_FAILURE; + } + + if(!op->in.pol || !op->in.access || !op->in.domain_sid) { + hnd->status = NT_STATUS_INVALID_PARAMETER; + return CAC_FAILURE; + } + + srv = hnd->srv; + srv->cli.pipe_idx = PI_LSARPC; + + hnd->status = cli_lsa_open_trusted_domain( &(srv->cli), mem_ctx, op->in.pol, op->in.domain_sid, op->in.access, dom_pol); + + if(!NT_STATUS_IS_OK(hnd->status)) { + return CAC_FAILURE; + } + + op->out.domain_policy = dom_pol; + + return CAC_SUCCESS; +} + +int cac_LsaQueryTrustedDomainInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaQueryTrustedDomainInfo *op) { + SMBCSRV *srv = NULL; + + LSA_TRUSTED_DOMAIN_INFO *dom_info; + + if(!hnd) + return CAC_FAILURE; + + if(!hnd->srv 
|| !hnd->_pipes[PI_LSARPC]) { + hnd->status = NT_STATUS_INVALID_HANDLE; + return CAC_FAILURE; + } + + if(!op->in.pol || !op->in.info_class) { + hnd->status = NT_STATUS_INVALID_PARAMETER; + return CAC_FAILURE; + } + + if(!op->in.domain_sid && !op->in.domain_name) { + hnd->status = NT_STATUS_INVALID_PARAMETER; + return CAC_FAILURE; + } + + srv = hnd->srv; + srv->cli.pipe_idx = PI_LSARPC; + + if(op->in.domain_sid) { + hnd->status = cli_lsa_query_trusted_domain_info_by_sid( &(srv->cli), mem_ctx, op->in.pol, op->in.info_class, op->in.domain_sid, &dom_info); + } + else if(op->in.domain_name) { + hnd->status = cli_lsa_query_trusted_domain_info_by_name( &(srv->cli), mem_ctx, op->in.pol, op->in.info_class, op->in.domain_name, &dom_info); + } + + if(!NT_STATUS_IS_OK(hnd->status)) { + return CAC_FAILURE; + } + + op->out.info = dom_info; + + return CAC_SUCCESS; + +}
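Review bot: In cac_LsaOpenTrustedDomain(), `dom_pol` is initialised to NULL and passed unchanged as the last argument of cli_lsa_open_trusted_domain(), so the callee receives a NULL output pointer and `op->out.domain_policy` is NULL even when the call reports success. Allocate the handle before the call, e.g. `dom_pol = TALLOC_P(mem_ctx, POLICY_HND);` followed by `if(!dom_pol) { hnd->status = NT_STATUS_NO_MEMORY; return CAC_FAILURE; }` (assuming this branch provides TALLOC_P). All three new functions also dereference `op` and pass `mem_ctx` on without a NULL check; an `if(!op || !mem_ctx)` guard that sets NT_STATUS_INVALID_PARAMETER would fit beside the existing `op->in.pol` checks. Separately, cac_LsaEnumTrustedDomains() returns CAC_FAILURE on any non-OK status before copying the out fields; if the underlying call signals a partial batch with a "more entries" status, as the resume_idx design suggests, that batch is dropped, which is worth confirming against cli_lsa_enum_trust_dom().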
