134
142
/***************************************************************************
143
lookup_lsa_rids. Must be called as root for lookup_name to work.
136
144
***************************************************************************/
138
static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
139
int num_entries, UNISTR2 *name,
140
uint32 *mapped_count, BOOL endian)
146
static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
152
uint32 *pmapped_count)
154
uint32 mapped_count, i;
146
156
SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
148
become_root(); /* lookup_name can require root privs */
150
161
for (i = 0; i < num_entries; i++) {
153
uint32 rid = 0xffffffff;
156
fstring dom_name, user;
157
enum SID_NAME_USE name_type = SID_NAME_UNKNOWN;
167
enum SID_NAME_USE type = SID_NAME_UNKNOWN;
159
169
/* Split name into domain and user component */
161
unistr2_to_ascii(full_name, &name[i], sizeof(full_name));
162
split_domain_name(full_name, dom_name, user);
166
DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name));
168
status = lookup_name(dom_name, user, &sid, &name_type);
170
if((name_type == SID_NAME_UNKNOWN) && (lp_server_role() == ROLE_DOMAIN_MEMBER) && (strncmp(dom_name, full_name, strlen(dom_name)) != 0)) {
171
DEBUG(5, ("init_lsa_rid2s: domain name not provided and local account not found, using member domain\n"));
172
fstrcpy(dom_name, lp_workgroup());
173
status = lookup_name(dom_name, user, &sid, &name_type);
176
if (name_type == SID_NAME_WKN_GRP) {
177
/* BUILTIN aliases are still aliases :-) */
178
name_type = SID_NAME_ALIAS;
181
DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" :
184
if (status && name_type != SID_NAME_UNKNOWN) {
171
full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
172
if (full_name == NULL) {
173
DEBUG(0, ("pull_ucs2_talloc failed\n"));
174
return NT_STATUS_NO_MEMORY;
177
DEBUG(5, ("lookup_lsa_rids: looking up name %s\n", full_name));
179
/* We can ignore the result of lookup_name, it will not touch
180
"type" if it's not successful */
182
lookup_name(mem_ctx, full_name, flags, &domain, NULL,
187
case SID_NAME_DOM_GRP:
188
case SID_NAME_DOMAIN:
190
case SID_NAME_WKN_GRP:
191
DEBUG(5, ("init_lsa_rids: %s found\n", full_name));
192
/* Leave these unchanged */
195
/* Don't hand out anything but the list above */
196
DEBUG(5, ("init_lsa_rids: %s not found\n", full_name));
197
type = SID_NAME_UNKNOWN;
204
if (type != SID_NAME_UNKNOWN) {
185
205
sid_split_rid(&sid, &rid);
186
dom_idx = init_dom_ref(ref, dom_name, &sid);
191
name_type = SID_NAME_UNKNOWN;
194
init_dom_rid2(&rid2[total], rid, name_type, dom_idx);
206
dom_idx = init_dom_ref(ref, domain, &sid);
210
init_dom_rid(&prid[i], rid, type, dom_idx);
213
*pmapped_count = mapped_count;
217
/***************************************************************************
218
lookup_lsa_sids. Must be called as root for lookup_name to work.
219
***************************************************************************/
221
static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
223
LSA_TRANSLATED_SID3 *trans_sids,
227
uint32 *pmapped_count)
229
uint32 mapped_count, i;
231
SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
236
for (i = 0; i < num_entries; i++) {
242
enum SID_NAME_USE type = SID_NAME_UNKNOWN;
244
/* Split name into domain and user component */
246
full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
247
if (full_name == NULL) {
248
DEBUG(0, ("pull_ucs2_talloc failed\n"));
249
return NT_STATUS_NO_MEMORY;
252
DEBUG(5, ("init_lsa_sids: looking up name %s\n", full_name));
254
/* We can ignore the result of lookup_name, it will not touch
255
"type" if it's not successful */
257
lookup_name(mem_ctx, full_name, flags, &domain, NULL,
262
case SID_NAME_DOM_GRP:
263
case SID_NAME_DOMAIN:
265
case SID_NAME_WKN_GRP:
266
DEBUG(5, ("init_lsa_sids: %s found\n", full_name));
267
/* Leave these unchanged */
270
/* Don't hand out anything but the list above */
271
DEBUG(5, ("init_lsa_sids: %s not found\n", full_name));
272
type = SID_NAME_UNKNOWN;
279
if (type != SID_NAME_UNKNOWN) {
281
sid_copy(&domain_sid, &sid);
282
sid_split_rid(&domain_sid, &rid);
283
dom_idx = init_dom_ref(ref, domain, &domain_sid);
287
/* Initialize the LSA_TRANSLATED_SID3 return. */
288
trans_sids[i].sid_type = type;
289
trans_sids[i].sid2 = TALLOC_P(mem_ctx, DOM_SID2);
290
if (trans_sids[i].sid2 == NULL) {
291
return NT_STATUS_NO_MEMORY;
293
init_dom_sid2(trans_sids[i].sid2, &sid);
294
trans_sids[i].sid_idx = dom_idx;
297
*pmapped_count = mapped_count;
201
301
/***************************************************************************
205
305
static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
206
306
DOM_R_REF *ref, uint32 num_entries,
207
DOM_RID2 *rid2, uint32 mapped_count)
209
r_l->ptr_dom_ref = 1;
212
r_l->num_entries = num_entries;
213
r_l->ptr_entries = 1;
214
r_l->num_entries2 = num_entries;
217
r_l->mapped_count = mapped_count;
220
/***************************************************************************
221
Init lsa_trans_names.
222
***************************************************************************/
224
static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
225
int num_entries, DOM_SID2 *sid,
226
uint32 *mapped_count)
232
/* Allocate memory for list of names */
234
if (num_entries > 0) {
235
if (!(trn->name = TALLOC_ARRAY(ctx, LSA_TRANS_NAME, num_entries))) {
236
DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
240
if (!(trn->uni_name = TALLOC_ARRAY(ctx, UNISTR2, num_entries))) {
241
DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
246
become_root(); /* Need root to get to passdb to for local sids */
248
for (i = 0; i < num_entries; i++) {
250
DOM_SID find_sid = sid[i].sid;
251
uint32 rid = 0xffffffff;
253
fstring name, dom_name;
254
enum SID_NAME_USE sid_name_use = (enum SID_NAME_USE)0;
256
sid_to_string(name, &find_sid);
257
DEBUG(5, ("init_lsa_trans_names: looking up sid %s\n", name));
259
/* Lookup sid from winbindd */
261
status = lookup_sid(&find_sid, dom_name, name, &sid_name_use);
263
DEBUG(5, ("init_lsa_trans_names: %s\n", status ? "found" :
267
sid_name_use = SID_NAME_UNKNOWN;
268
memset(dom_name, '\0', sizeof(dom_name));
269
sid_to_string(name, &find_sid);
272
DEBUG(10,("init_lsa_trans_names: added unknown user '%s' to "
273
"referenced list.\n", name ));
276
/* Store domain sid in ref array */
277
if (find_sid.num_auths == 5) {
278
sid_split_rid(&find_sid, &rid);
280
dom_idx = init_dom_ref(ref, dom_name, &find_sid);
282
DEBUG(10,("init_lsa_trans_names: added %s '%s\\%s' (%d) to referenced list.\n",
283
sid_type_lookup(sid_name_use), dom_name, name, sid_name_use ));
287
init_lsa_trans_name(&trn->name[total], &trn->uni_name[total],
288
sid_name_use, name, dom_idx);
294
trn->num_entries = total;
295
trn->ptr_trans_names = 1;
296
trn->num_entries2 = total;
299
/***************************************************************************
300
Init_reply_lookup_sids.
301
***************************************************************************/
303
static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
304
DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
307
r_l->ptr_dom_ref = 1;
310
r_l->mapped_count = mapped_count;
307
DOM_RID *rid, uint32 mapped_count)
309
r_l->ptr_dom_ref = 1;
312
r_l->num_entries = num_entries;
313
r_l->ptr_entries = 1;
314
r_l->num_entries2 = num_entries;
317
r_l->mapped_count = mapped_count;
320
/***************************************************************************
321
init_reply_lookup_names2
322
***************************************************************************/
324
static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l,
325
DOM_R_REF *ref, uint32 num_entries,
326
DOM_RID2 *rid, uint32 mapped_count)
328
r_l->ptr_dom_ref = 1;
331
r_l->num_entries = num_entries;
332
r_l->ptr_entries = 1;
333
r_l->num_entries2 = num_entries;
336
r_l->mapped_count = mapped_count;
339
/***************************************************************************
340
init_reply_lookup_names3
341
***************************************************************************/
343
static void init_reply_lookup_names3(LSA_R_LOOKUP_NAMES3 *r_l,
344
DOM_R_REF *ref, uint32 num_entries,
345
LSA_TRANSLATED_SID3 *trans_sids, uint32 mapped_count)
347
r_l->ptr_dom_ref = 1;
350
r_l->num_entries = num_entries;
351
r_l->ptr_entries = 1;
352
r_l->num_entries2 = num_entries;
353
r_l->trans_sids = trans_sids;
355
r_l->mapped_count = mapped_count;
358
/***************************************************************************
359
init_reply_lookup_names4
360
***************************************************************************/
362
static void init_reply_lookup_names4(LSA_R_LOOKUP_NAMES4 *r_l,
363
DOM_R_REF *ref, uint32 num_entries,
364
LSA_TRANSLATED_SID3 *trans_sids, uint32 mapped_count)
366
r_l->ptr_dom_ref = 1;
369
r_l->num_entries = num_entries;
370
r_l->ptr_entries = 1;
371
r_l->num_entries2 = num_entries;
372
r_l->trans_sids = trans_sids;
374
r_l->mapped_count = mapped_count;
377
/***************************************************************************
378
Init_reply_lookup_sids.
379
***************************************************************************/
381
static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
383
LSA_TRANS_NAME_ENUM2 *names,
386
r_l->ptr_dom_ref = ref ? 1 : 0;
389
r_l->mapped_count = mapped_count;
392
/***************************************************************************
393
Init_reply_lookup_sids.
394
***************************************************************************/
396
static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
398
LSA_TRANS_NAME_ENUM2 *names,
401
r_l->ptr_dom_ref = ref ? 1 : 0;
404
r_l->mapped_count = mapped_count;
407
/***************************************************************************
408
Init_reply_lookup_sids.
409
***************************************************************************/
411
static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
412
LSA_R_LOOKUP_SIDS *r_l,
414
LSA_TRANS_NAME_ENUM2 *names,
417
LSA_TRANS_NAME_ENUM *oldnames = TALLOC_ZERO_P(mem_ctx, LSA_TRANS_NAME_ENUM);
420
return NT_STATUS_NO_MEMORY;
423
oldnames->num_entries = names->num_entries;
424
oldnames->ptr_trans_names = names->ptr_trans_names;
425
oldnames->num_entries2 = names->num_entries2;
426
oldnames->uni_name = names->uni_name;
428
if (names->num_entries) {
431
oldnames->name = TALLOC_ARRAY(oldnames, LSA_TRANS_NAME, names->num_entries);
433
if (!oldnames->name) {
434
return NT_STATUS_NO_MEMORY;
436
for (i = 0; i < names->num_entries; i++) {
437
oldnames->name[i].sid_name_use = names->name[i].sid_name_use;
438
oldnames->name[i].hdr_name = names->name[i].hdr_name;
439
oldnames->name[i].domain_idx = names->name[i].domain_idx;
443
r_l->ptr_dom_ref = ref ? 1 : 0;
445
r_l->names = oldnames;
446
r_l->mapped_count = mapped_count;
313
450
static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size)
630
797
if (NT_STATUS_IS_OK(r_u->status)) {
631
r_u->undoc_buffer = 0x22000000; /* bizarre */
632
r_u->info_class = q_u->info_class;
798
r_u->dom_ptr = 0x22000000; /* bizarre */
799
ctr->info_class = q_u->info_class;
635
802
return r_u->status;
638
805
/***************************************************************************
806
_lsa_lookup_sids_internal
807
***************************************************************************/
809
static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
810
uint16 level, /* input */
811
int num_sids, /* input */
812
const DOM_SID2 *sid, /* input */
813
DOM_R_REF **pp_ref, /* output */
814
LSA_TRANS_NAME_ENUM2 **pp_names, /* output */
815
uint32 *pp_mapped_count)
819
const DOM_SID **sids = NULL;
820
LSA_TRANS_NAME_ENUM2 *names = NULL;
821
DOM_R_REF *ref = NULL;
822
uint32 mapped_count = 0;
823
struct lsa_dom_info *dom_infos = NULL;
824
struct lsa_name_info *name_infos = NULL;
826
*pp_mapped_count = 0;
830
names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
831
sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
832
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
834
if (sids == NULL || names == NULL || ref == NULL) {
835
return NT_STATUS_NO_MEMORY;
838
for (i=0; i<num_sids; i++) {
839
sids[i] = &sid[i].sid;
842
status = lookup_sids(p->mem_ctx, num_sids, sids, level,
843
&dom_infos, &name_infos);
845
if (!NT_STATUS_IS_OK(status)) {
850
names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids);
851
names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids);
852
if ((names->name == NULL) || (names->uni_name == NULL)) {
853
return NT_STATUS_NO_MEMORY;
857
for (i=0; i<MAX_REF_DOMAINS; i++) {
859
if (!dom_infos[i].valid) {
863
if (init_dom_ref(ref, dom_infos[i].name,
864
&dom_infos[i].sid) != i) {
865
DEBUG(0, ("Domain %s mentioned twice??\n",
867
return NT_STATUS_INTERNAL_ERROR;
871
for (i=0; i<num_sids; i++) {
872
struct lsa_name_info *name = &name_infos[i];
874
if (name->type == SID_NAME_UNKNOWN) {
876
/* unknown sids should return the string representation of the SID */
877
name->name = talloc_asprintf(p->mem_ctx, "%s",
878
sid_string_static(sids[i]));
879
if (name->name == NULL) {
880
return NT_STATUS_NO_MEMORY;
885
init_lsa_trans_name2(&names->name[i], &names->uni_name[i],
886
name->type, name->name, name->dom_idx);
889
names->num_entries = num_sids;
890
names->ptr_trans_names = 1;
891
names->num_entries2 = num_sids;
893
status = NT_STATUS_NONE_MAPPED;
894
if (mapped_count > 0) {
895
status = (mapped_count < num_sids) ?
896
STATUS_SOME_UNMAPPED : NT_STATUS_OK;
899
DEBUG(10, ("num_sids %d, mapped_count %d, status %s\n",
900
num_sids, mapped_count, nt_errstr(status)));
902
*pp_mapped_count = mapped_count;
909
/***************************************************************************
640
911
***************************************************************************/
642
NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_SIDS *r_u)
644
struct lsa_info *handle;
645
DOM_SID2 *sid = q_u->sids.sid;
646
int num_entries = q_u->sids.num_entries;
647
DOM_R_REF *ref = NULL;
648
LSA_TRANS_NAME_ENUM *names = NULL;
649
uint32 mapped_count = 0;
651
if (num_entries > MAX_LOOKUP_SIDS) {
653
DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, truncating SID lookup list to %d\n", MAX_LOOKUP_SIDS, num_entries));
654
r_u->status = NT_STATUS_NONE_MAPPED;
657
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
658
names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM);
660
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
661
r_u->status = NT_STATUS_INVALID_HANDLE;
913
NTSTATUS _lsa_lookup_sids(pipes_struct *p,
914
LSA_Q_LOOKUP_SIDS *q_u,
915
LSA_R_LOOKUP_SIDS *r_u)
917
struct lsa_info *handle;
918
int num_sids = q_u->sids.num_entries;
919
uint32 mapped_count = 0;
920
DOM_R_REF *ref = NULL;
921
LSA_TRANS_NAME_ENUM2 *names = NULL;
924
if ((q_u->level < 1) || (q_u->level > 6)) {
925
return NT_STATUS_INVALID_PARAMETER;
928
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
929
return NT_STATUS_INVALID_HANDLE;
932
/* check if the user has enough rights */
933
if (!(handle->access & POLICY_LOOKUP_NAMES)) {
934
return NT_STATUS_ACCESS_DENIED;
937
if (num_sids > MAX_LOOKUP_SIDS) {
938
DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, requested %d\n",
939
MAX_LOOKUP_SIDS, num_sids));
940
return NT_STATUS_NONE_MAPPED;
943
r_u->status = _lsa_lookup_sids_internal(p,
951
/* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
953
status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, names, mapped_count);
954
if (!NT_STATUS_IS_OK(status)) {
960
/***************************************************************************
962
***************************************************************************/
964
NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
965
LSA_Q_LOOKUP_SIDS2 *q_u,
966
LSA_R_LOOKUP_SIDS2 *r_u)
968
struct lsa_info *handle;
969
int num_sids = q_u->sids.num_entries;
970
uint32 mapped_count = 0;
971
DOM_R_REF *ref = NULL;
972
LSA_TRANS_NAME_ENUM2 *names = NULL;
974
if ((q_u->level < 1) || (q_u->level > 6)) {
975
return NT_STATUS_INVALID_PARAMETER;
978
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
979
return NT_STATUS_INVALID_HANDLE;
665
982
/* check if the user have enough rights */
666
983
if (!(handle->access & POLICY_LOOKUP_NAMES)) {
667
r_u->status = NT_STATUS_ACCESS_DENIED;
671
return NT_STATUS_NO_MEMORY;
675
/* set up the LSA Lookup SIDs response */
676
init_lsa_trans_names(p->mem_ctx, ref, names, num_entries, sid, &mapped_count);
677
if (NT_STATUS_IS_OK(r_u->status)) {
678
if (mapped_count == 0)
679
r_u->status = NT_STATUS_NONE_MAPPED;
680
else if (mapped_count != num_entries)
681
r_u->status = STATUS_SOME_UNMAPPED;
683
init_reply_lookup_sids(r_u, ref, names, mapped_count);
984
return NT_STATUS_ACCESS_DENIED;
987
if (num_sids > MAX_LOOKUP_SIDS) {
988
DEBUG(5,("_lsa_lookup_sids2: limit of %d exceeded, requested %d\n",
989
MAX_LOOKUP_SIDS, num_sids));
990
return NT_STATUS_NONE_MAPPED;
993
r_u->status = _lsa_lookup_sids_internal(p,
1001
init_reply_lookup_sids2(r_u, ref, names, mapped_count);
1005
/***************************************************************************
1007
***************************************************************************/
1009
NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
1010
LSA_Q_LOOKUP_SIDS3 *q_u,
1011
LSA_R_LOOKUP_SIDS3 *r_u)
1013
int num_sids = q_u->sids.num_entries;
1014
uint32 mapped_count = 0;
1015
DOM_R_REF *ref = NULL;
1016
LSA_TRANS_NAME_ENUM2 *names = NULL;
1018
if ((q_u->level < 1) || (q_u->level > 6)) {
1019
return NT_STATUS_INVALID_PARAMETER;
1022
/* No policy handle on this call. Restrict to crypto connections. */
1023
if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1024
DEBUG(0,("_lsa_lookup_sids3: client %s not using schannel for netlogon\n",
1025
get_remote_machine_name() ));
1026
return NT_STATUS_INVALID_PARAMETER;
1029
if (num_sids > MAX_LOOKUP_SIDS) {
1030
DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n",
1031
MAX_LOOKUP_SIDS, num_sids));
1032
return NT_STATUS_NONE_MAPPED;
1035
r_u->status = _lsa_lookup_sids_internal(p,
1043
init_reply_lookup_sids3(r_u, ref, names, mapped_count);
685
1044
return r_u->status;
720
1085
if (!ref || !rids)
721
1086
return NT_STATUS_NO_MEMORY;
1088
/* set up the LSA Lookup RIDs response */
1089
become_root(); /* lookup_name can require root privs */
1090
r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
1091
names, flags, &mapped_count);
725
/* set up the LSA Lookup RIDs response */
726
init_lsa_rid2s(ref, rids, num_entries, names, &mapped_count, p->endian);
727
if (NT_STATUS_IS_OK(r_u->status)) {
1096
if (NT_STATUS_IS_OK(r_u->status) && (num_entries != 0) ) {
728
1097
if (mapped_count == 0)
729
1098
r_u->status = NT_STATUS_NONE_MAPPED;
730
1099
else if (mapped_count != num_entries)
731
1100
r_u->status = STATUS_SOME_UNMAPPED;
733
1103
init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count);
1107
/***************************************************************************
1108
lsa_reply_lookup_names2
1109
***************************************************************************/
1111
NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOOKUP_NAMES2 *r_u)
1113
struct lsa_info *handle;
1114
UNISTR2 *names = q_u->uni_name;
1115
uint32 num_entries = q_u->num_entries;
1120
uint32 mapped_count = 0;
1123
if (num_entries > MAX_LOOKUP_SIDS) {
1124
num_entries = MAX_LOOKUP_SIDS;
1125
DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries));
1128
/* Probably the lookup_level is some sort of bitmask. */
1129
if (q_u->lookup_level == 1) {
1130
flags = LOOKUP_NAME_ALL;
1133
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
1134
rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
1135
rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries);
1137
if ((ref == NULL) || (rids == NULL) || (rids2 == NULL)) {
1138
r_u->status = NT_STATUS_NO_MEMORY;
1139
return NT_STATUS_NO_MEMORY;
1142
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
1143
r_u->status = NT_STATUS_INVALID_HANDLE;
1147
/* check if the user have enough rights */
1148
if (!(handle->access & POLICY_LOOKUP_NAMES)) {
1149
r_u->status = NT_STATUS_ACCESS_DENIED;
1153
/* set up the LSA Lookup RIDs response */
1154
become_root(); /* lookup_name can require root privs */
1155
r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
1156
names, flags, &mapped_count);
1161
if (NT_STATUS_IS_OK(r_u->status)) {
1162
if (mapped_count == 0) {
1163
r_u->status = NT_STATUS_NONE_MAPPED;
1164
} else if (mapped_count != num_entries) {
1165
r_u->status = STATUS_SOME_UNMAPPED;
1169
/* Convert the rids array to rids2. */
1170
for (i = 0; i < num_entries; i++) {
1171
rids2[i].type = rids[i].type;
1172
rids2[i].rid = rids[i].rid;
1173
rids2[i].rid_idx = rids[i].rid_idx;
1174
rids2[i].unknown = 0;
1177
init_reply_lookup_names2(r_u, ref, num_entries, rids2, mapped_count);
1181
/***************************************************************************
1182
lsa_reply_lookup_names3.
1183
***************************************************************************/
1185
NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOOKUP_NAMES3 *r_u)
1187
struct lsa_info *handle;
1188
UNISTR2 *names = q_u->uni_name;
1189
uint32 num_entries = q_u->num_entries;
1190
DOM_R_REF *ref = NULL;
1191
LSA_TRANSLATED_SID3 *trans_sids = NULL;
1192
uint32 mapped_count = 0;
1195
if (num_entries > MAX_LOOKUP_SIDS) {
1196
num_entries = MAX_LOOKUP_SIDS;
1197
DEBUG(5,("_lsa_lookup_names3: truncating name lookup list to %d\n", num_entries));
1200
/* Probably the lookup_level is some sort of bitmask. */
1201
if (q_u->lookup_level == 1) {
1202
flags = LOOKUP_NAME_ALL;
1205
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
1206
trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries);
1208
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
1209
r_u->status = NT_STATUS_INVALID_HANDLE;
1213
/* check if the user have enough rights */
1214
if (!(handle->access & POLICY_LOOKUP_NAMES)) {
1215
r_u->status = NT_STATUS_ACCESS_DENIED;
1219
if (!ref || !trans_sids) {
1220
return NT_STATUS_NO_MEMORY;
1223
/* set up the LSA Lookup SIDs response */
1224
become_root(); /* lookup_name can require root privs */
1225
r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries,
1226
names, flags, &mapped_count);
1231
if (NT_STATUS_IS_OK(r_u->status)) {
1232
if (mapped_count == 0) {
1233
r_u->status = NT_STATUS_NONE_MAPPED;
1234
} else if (mapped_count != num_entries) {
1235
r_u->status = STATUS_SOME_UNMAPPED;
1239
init_reply_lookup_names3(r_u, ref, num_entries, trans_sids, mapped_count);
1243
/***************************************************************************
1244
lsa_reply_lookup_names4.
1245
***************************************************************************/
1247
NTSTATUS _lsa_lookup_names4(pipes_struct *p, LSA_Q_LOOKUP_NAMES4 *q_u, LSA_R_LOOKUP_NAMES4 *r_u)
1249
UNISTR2 *names = q_u->uni_name;
1250
uint32 num_entries = q_u->num_entries;
1251
DOM_R_REF *ref = NULL;
1252
LSA_TRANSLATED_SID3 *trans_sids = NULL;
1253
uint32 mapped_count = 0;
1256
if (num_entries > MAX_LOOKUP_SIDS) {
1257
num_entries = MAX_LOOKUP_SIDS;
1258
DEBUG(5,("_lsa_lookup_names4: truncating name lookup list to %d\n", num_entries));
1261
/* Probably the lookup_level is some sort of bitmask. */
1262
if (q_u->lookup_level == 1) {
1263
flags = LOOKUP_NAME_ALL;
1266
/* No policy handle on this call. Restrict to crypto connections. */
1267
if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
1268
DEBUG(0,("_lsa_lookup_names4: client %s not using schannel for netlogon\n",
1269
get_remote_machine_name() ));
1270
return NT_STATUS_INVALID_PARAMETER;
1273
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
1274
trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries);
1276
if (!ref || !trans_sids) {
1277
return NT_STATUS_NO_MEMORY;
1280
/* set up the LSA Lookup SIDs response */
1281
become_root(); /* lookup_name can require root privs */
1282
r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries,
1283
names, flags, &mapped_count);
1286
if (NT_STATUS_IS_OK(r_u->status)) {
1287
if (mapped_count == 0) {
1288
r_u->status = NT_STATUS_NONE_MAPPED;
1289
} else if (mapped_count != num_entries) {
1290
r_u->status = STATUS_SOME_UNMAPPED;
1294
init_reply_lookup_names4(r_u, ref, num_entries, trans_sids, mapped_count);
735
1295
return r_u->status;