NTSTATUS net_rpc_lookup_name(struct net_context *c, TALLOC_CTX *mem_ctx, struct cli_state *cli, const char *name, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type) { struct rpc_pipe_client *lsa_pipe; POLICY_HND pol; NTSTATUS result = NT_STATUS_OK; const char **dom_names; DOM_SID *sids; enum lsa_SidType *types; ZERO_STRUCT(pol); result = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, &lsa_pipe); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Could not initialise lsa pipe\n"); return result; } result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "open_policy failed: %s\n", nt_errstr(result)); return result; } result = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1, &name, &dom_names, 1, &sids, &types); if (!NT_STATUS_IS_OK(result)) { /* This can happen easily, don't log an error */ goto done; } if (ret_domain != NULL) { *ret_domain = dom_names[0]; } if (ret_name != NULL) { *ret_name = talloc_strdup(mem_ctx, name); } if (ret_sid != NULL) { sid_copy(ret_sid, &sids[0]); } if (ret_type != NULL) { *ret_type = types[0]; } done: if (is_valid_policy_hnd(&pol)) { rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol); } TALLOC_FREE(lsa_pipe); return result; }
NTSTATUS net_lookup_sid_from_name(struct net_context *c, TALLOC_CTX *ctx, const char *full_name, struct dom_sid *pret_sid) { NTSTATUS nt_status; struct con_struct *csp = NULL; struct dom_sid *sids = NULL; enum lsa_SidType *types = NULL; csp = create_cs(c, ctx, &nt_status); if (csp == NULL) { return nt_status; } nt_status = rpccli_lsa_lookup_names(csp->lsapipe, ctx, &csp->pol, 1, &full_name, NULL, 1, &sids, &types); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } *pret_sid = sids[0]; /* Converted OK */ return NT_STATUS_OK; }
/* useful function to allow entering a name instead of a SID and * looking it up automatically */ static NTSTATUS name_to_sid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, DOM_SID *sid, const char *name) { struct policy_handle pol; enum lsa_SidType *sid_types; NTSTATUS result; DOM_SID *sids; /* maybe its a raw SID */ if (strncmp(name, "S-", 2) == 0 && string_to_sid(sid, name)) { return NT_STATUS_OK; } result = rpccli_lsa_open_policy(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types); if (!NT_STATUS_IS_OK(result)) goto done; rpccli_lsa_Close(cli, mem_ctx, &pol); *sid = sids[0]; done: return result; }
static NTSTATUS name_to_sid(struct rpc_pipe_client *pipe_hnd, TALLOC_CTX *mem_ctx, struct dom_sid *sid, const char *name) { struct policy_handle pol; enum lsa_SidType *sid_types; NTSTATUS status, result; struct dom_sid *sids; struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; /* maybe its a raw SID */ if ( strncmp(name, "S-", 2) == 0 && string_to_sid(sid, name) ) { return NT_STATUS_OK; } status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if ( !NT_STATUS_IS_OK(status) ) return status; status = rpccli_lsa_lookup_names(pipe_hnd, mem_ctx, &pol, 1, &name, NULL, 1, &sids, &sid_types); if ( NT_STATUS_IS_OK(status) ) sid_copy( sid, &sids[0] ); dcerpc_lsa_Close(b, mem_ctx, &pol, &result); return status; }
static NTSTATUS cmd_lsa_lookup_names_level(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, const char **argv) { struct policy_handle pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *sids; enum lsa_SidType *types; int i, level; if (argc < 3) { printf("Usage: %s [level] [name1 [name2 [...]]]\n", argv[0]); return NT_STATUS_OK; } result = rpccli_lsa_open_policy(cli, mem_ctx, True, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(result)) goto done; level = atoi(argv[1]); result = rpccli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 2, (const char**)(argv + 2), NULL, level, &sids, &types); if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) != NT_STATUS_V(STATUS_SOME_UNMAPPED)) goto done; result = NT_STATUS_OK; /* Print results */ for (i = 0; i < (argc - 2); i++) { fstring sid_str; sid_to_fstring(sid_str, &sids[i]); printf("%s %s (%s: %d)\n", argv[i + 2], sid_str, sid_type_lookup(types[i]), types[i]); } rpccli_lsa_Close(cli, mem_ctx, &pol); done: return result; }
/* convert a string to a SID, either numeric or username/group */ static bool StringToSid(struct dom_sid *sid, const char *str) { enum lsa_SidType *types = NULL; struct dom_sid *sids = NULL; bool result = True; if (string_to_sid(sid, str)) { return true; } if (!cli_open_policy_hnd() || !NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, talloc_tos(), &pol, 1, &str, NULL, 1, &sids, &types))) { result = False; goto done; } sid_copy(sid, &sids[0]); done: return result; }
/* convert a string to a SID, either numeric or username/group */ static BOOL StringToSid(DOM_SID *sid, const char *str) { enum lsa_SidType *types = NULL; DOM_SID *sids = NULL; BOOL result = True; if (strncmp(str, "S-", 2) == 0) { return string_to_sid(sid, str); } if (!cli_open_policy_hnd() || !NT_STATUS_IS_OK(rpccli_lsa_lookup_names(global_pipe_hnd, cli_ipc->mem_ctx, &pol, 1, &str, NULL, &sids, &types))) { result = False; goto done; } sid_copy(sid, &sids[0]); done: return result; }
NTSTATUS net_rpc_lookup_name(struct net_context *c, TALLOC_CTX *mem_ctx, struct cli_state *cli, const char *name, const char **ret_domain, const char **ret_name, struct dom_sid *ret_sid, enum lsa_SidType *ret_type) { struct rpc_pipe_client *lsa_pipe = NULL; struct policy_handle pol; NTSTATUS status, result; const char **dom_names; struct dom_sid *sids; enum lsa_SidType *types; struct dcerpc_binding_handle *b; ZERO_STRUCT(pol); status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc.syntax_id, &lsa_pipe); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Could not initialise lsa pipe\n")); return status; } b = lsa_pipe->binding_handle; status = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, false, SEC_FLAG_MAXIMUM_ALLOWED, &pol); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "open_policy %s: %s\n", _("failed"), nt_errstr(status)); return status; } status = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, &pol, 1, &name, &dom_names, 1, &sids, &types); if (!NT_STATUS_IS_OK(status)) { /* This can happen easily, don't log an error */ goto done; } if (ret_domain != NULL) { *ret_domain = dom_names[0]; } if (ret_name != NULL) { *ret_name = talloc_strdup(mem_ctx, name); } if (ret_sid != NULL) { sid_copy(ret_sid, &sids[0]); } if (ret_type != NULL) { *ret_type = types[0]; } done: if (is_valid_policy_hnd(&pol)) { dcerpc_lsa_Close(b, mem_ctx, &pol, &result); } TALLOC_FREE(lsa_pipe); return status; }
/* convert a single name to a sid in a domain */ NTSTATUS rpc_name_to_sid(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *lsa_pipe, struct policy_handle *lsa_policy, const char *domain_name, const char *name, uint32_t flags, struct dom_sid *sid, enum lsa_SidType *type) { enum lsa_SidType *types = NULL; struct dom_sid *sids = NULL; char *full_name = NULL; const char *names[1]; char *mapped_name = NULL; NTSTATUS status; if (name == NULL || name[0] == '\0') { full_name = talloc_asprintf(mem_ctx, "%s", domain_name); } else if (domain_name == NULL || domain_name[0] == '\0') { full_name = talloc_asprintf(mem_ctx, "%s", name); } else { full_name = talloc_asprintf(mem_ctx, "%s\\%s", domain_name, name); } if (full_name == NULL) { return NT_STATUS_NO_MEMORY; } status = normalize_name_unmap(mem_ctx, full_name, &mapped_name); /* Reset the full_name pointer if we mapped anything */ if (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) { full_name = mapped_name; } DEBUG(3,("name_to_sid: %s for domain %s\n", full_name ? full_name : "", domain_name )); names[0] = full_name; /* * We don't run into deadlocks here, cause winbind_off() is * called in the main function. */ status = rpccli_lsa_lookup_names(lsa_pipe, mem_ctx, lsa_policy, 1, /* num_names */ names, NULL, /* domains */ 1, /* level */ &sids, &types); if (!NT_STATUS_IS_OK(status)) { DEBUG(2,("name_to_sid: failed to lookup name: %s\n", nt_errstr(status))); return status; } sid_copy(sid, &sids[0]); *type = types[0]; return NT_STATUS_OK; }