NTSTATUS net_rpc_lookup_name(struct net_context *c,
TALLOC_CTX *mem_ctx, struct cli_state *cli,
const char *name, const char **ret_domain,
const char **ret_name, DOM_SID *ret_sid,
enum lsa_SidType *ret_type)
{
struct rpc_pipe_client *lsa_pipe;
POLICY_HND pol;
NTSTATUS result = NT_STATUS_OK;
const char **dom_names;
DOM_SID *sids;
enum lsa_SidType *types;
ZERO_STRUCT(pol);
result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
&lsa_pipe);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "Could not initialise lsa pipe\n");
return result;
}
result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result)) {
d_fprintf(stderr, "open_policy failed: %s\n",
nt_errstr(result));
return result;
}
result = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1,
&name, &dom_names, 1, &sids, &types);
if (!NT_STATUS_IS_OK(result)) {
/* This can happen easily, don't log an error */
goto done;
}
if (ret_domain != NULL) {
*ret_domain = dom_names[0];
}
if (ret_name != NULL) {
*ret_name = talloc_strdup(mem_ctx, name);
}
if (ret_sid != NULL) {
sid_copy(ret_sid, &sids[0]);
}
if (ret_type != NULL) {
*ret_type = types[0];
}
done:
if (is_valid_policy_hnd(&pol)) {
rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
}
TALLOC_FREE(lsa_pipe);
return result;
}
NTSTATUS net_lookup_sid_from_name(struct net_context *c, TALLOC_CTX *ctx,
const char *full_name, struct dom_sid *pret_sid)
{
NTSTATUS nt_status;
struct con_struct *csp = NULL;
struct dom_sid *sids = NULL;
enum lsa_SidType *types = NULL;
csp = create_cs(c, ctx, &nt_status);
if (csp == NULL) {
return nt_status;
}
nt_status = rpccli_lsa_lookup_names(csp->lsapipe, ctx,
&csp->pol,
1,
&full_name,
NULL, 1,
&sids, &types);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
*pret_sid = sids[0];
/* Converted OK */
return NT_STATUS_OK;
}
/* useful function to allow entering a name instead of a SID and
* looking it up automatically */
static NTSTATUS name_to_sid(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
DOM_SID *sid, const char *name)
{
struct policy_handle pol;
enum lsa_SidType *sid_types;
NTSTATUS result;
DOM_SID *sids;
/* maybe its a raw SID */
if (strncmp(name, "S-", 2) == 0 &&
string_to_sid(sid, name)) {
return NT_STATUS_OK;
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types);
if (!NT_STATUS_IS_OK(result))
goto done;
rpccli_lsa_Close(cli, mem_ctx, &pol);
*sid = sids[0];
done:
return result;
}
static NTSTATUS name_to_sid(struct rpc_pipe_client *pipe_hnd,
TALLOC_CTX *mem_ctx,
struct dom_sid *sid, const char *name)
{
struct policy_handle pol;
enum lsa_SidType *sid_types;
NTSTATUS status, result;
struct dom_sid *sids;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
/* maybe its a raw SID */
if ( strncmp(name, "S-", 2) == 0 && string_to_sid(sid, name) ) {
return NT_STATUS_OK;
}
status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
SEC_FLAG_MAXIMUM_ALLOWED, &pol);
if ( !NT_STATUS_IS_OK(status) )
return status;
status = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &pol, 1, &name,
NULL, 1, &sids, &sid_types);
if ( NT_STATUS_IS_OK(status) )
sid_copy( sid, &sids[0] );
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
return status;
}
static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx, int argc,
const char **argv)
{
struct policy_handle pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID *sids;
enum lsa_SidType *types;
int i, level;
if (argc < 3) {
printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]);
return NT_STATUS_OK;
}
result = rpccli_lsa_open_policy(cli, mem_ctx, True,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(result))
goto done;
level = atoi(argv[1]);
result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2,
(const char**)(argv + 2), NULL, level, &sids, &types);
if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
NT_STATUS_V(STATUS_SOME_UNMAPPED))
goto done;
result = NT_STATUS_OK;
/* Print results */
for (i = 0; i < (argc - 2); i++) {
fstring sid_str;
sid_to_fstring(sid_str, &sids[i]);
printf("%s %s (%s: %d)\n", argv[i + 2], sid_str,
sid_type_lookup(types[i]), types[i]);
}
rpccli_lsa_Close(cli, mem_ctx, &pol);
done:
return result;
}
/* convert a string to a SID, either numeric or username/group */
static bool StringToSid(struct dom_sid *sid, const char *str)
{
enum lsa_SidType *types = NULL;
struct dom_sid *sids = NULL;
bool result = True;
if (string_to_sid(sid, str)) {
return true;
}
if (!cli_open_policy_hnd() ||
!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, talloc_tos(),
&pol, 1, &str, NULL, 1, &sids,
&types))) {
result = False;
goto done;
}
sid_copy(sid, &sids[0]);
done:
return result;
}
/* convert a string to a SID, either numeric or username/group */
static BOOL StringToSid(DOM_SID *sid, const char *str)
{
enum lsa_SidType *types = NULL;
DOM_SID *sids = NULL;
BOOL result = True;
if (strncmp(str, "S-", 2) == 0) {
return string_to_sid(sid, str);
}
if (!cli_open_policy_hnd() ||
!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, cli_ipc->mem_ctx,
&pol, 1, &str, NULL, &sids,
&types))) {
result = False;
goto done;
}
sid_copy(sid, &sids[0]);
done:
return result;
}
NTSTATUS net_rpc_lookup_name(struct net_context *c,
TALLOC_CTX *mem_ctx, struct cli_state *cli,
const char *name, const char **ret_domain,
const char **ret_name, struct dom_sid *ret_sid,
enum lsa_SidType *ret_type)
{
struct rpc_pipe_client *lsa_pipe = NULL;
struct policy_handle pol;
NTSTATUS status, result;
const char **dom_names;
struct dom_sid *sids;
enum lsa_SidType *types;
struct dcerpc_binding_handle *b;
ZERO_STRUCT(pol);
status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id,
&lsa_pipe);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Could not initialise lsa pipe\n"));
return status;
}
b = lsa_pipe->binding_handle;
status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false,
SEC_FLAG_MAXIMUM_ALLOWED,
&pol);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, "open_policy %s: %s\n", _("failed"),
nt_errstr(status));
return status;
}
status = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1,
&name, &dom_names, 1, &sids, &types);
if (!NT_STATUS_IS_OK(status)) {
/* This can happen easily, don't log an error */
goto done;
}
if (ret_domain != NULL) {
*ret_domain = dom_names[0];
}
if (ret_name != NULL) {
*ret_name = talloc_strdup(mem_ctx, name);
}
if (ret_sid != NULL) {
sid_copy(ret_sid, &sids[0]);
}
if (ret_type != NULL) {
*ret_type = types[0];
}
done:
if (is_valid_policy_hnd(&pol)) {
dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
}
TALLOC_FREE(lsa_pipe);
return status;
}
/* convert a single name to a sid in a domain */
NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx,
struct rpc_pipe_client *lsa_pipe,
struct policy_handle *lsa_policy,
const char *domain_name,
const char *name,
uint32_t flags,
struct dom_sid *sid,
enum lsa_SidType *type)
{
enum lsa_SidType *types = NULL;
struct dom_sid *sids = NULL;
char *full_name = NULL;
const char *names[1];
char *mapped_name = NULL;
NTSTATUS status;
if (name == NULL || name[0] == '\0') {
full_name = talloc_asprintf(mem_ctx, "%s", domain_name);
} else if (domain_name == NULL || domain_name[0] == '\0') {
full_name = talloc_asprintf(mem_ctx, "%s", name);
} else {
full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain_name, name);
}
if (full_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = normalize_name_unmap(mem_ctx, full_name, &mapped_name);
/* Reset the full_name pointer if we mapped anything */
if (NT_STATUS_IS_OK(status) ||
NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
full_name = mapped_name;
}
DEBUG(3,("name_to_sid: %s for domain %s\n",
full_name ? full_name : "", domain_name ));
names[0] = full_name;
/*
* We don't run into deadlocks here, cause winbind_off() is
* called in the main function.
*/
status = rpccli_lsa_lookup_names(lsa_pipe,
mem_ctx,
lsa_policy,
1, /* num_names */
names,
NULL, /* domains */
1, /* level */
&sids,
&types);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(2,("name_to_sid: failed to lookup name: %s\n",
nt_errstr(status)));
return status;
}
sid_copy(sid, &sids[0]);
*type = types[0];
return NT_STATUS_OK;
}